
lerp

I needed a quick function to return a point..

Spat

// Linear interpolation between p0 and p1:
// amtInterpolate = 0 returns p0, amtInterpolate = 1 returns p1.
public Point Lerp(Point p0, Point p1, double amtInterpolate)
{
    double xlerp = p0.X + (p1.X - p0.X) * amtInterpolate;
    double ylerp = p0.Y + (p1.Y - p0.Y) * amtInterpolate;
    return new Point(xlerp, ylerp);
}

 

Posted by SpatDSG | 0 Comments

Debugging managed code.. from a newb for managed code debugging

Debugging managed code in WinDbg has never been my idea of fun. I wasn’t forcibly exposed to it enough I guess.

 

For example, if you look at http://blogs.msdn.com/spatdsg/archive/2009/02/23/there-and-back-again-the-life-of-a-bug-and-fix.aspx   there is like a 5 step process for setting a breakpoint, instead of !bpmd. Well, the other day I dug deep into debugging some code to which I had no src or symbols, so I learned a bit – at least what I needed to in order to solve the issue :) – so this post is a bit of a bookmark or reminder for me, and maybe it will help someone else one day as well.

 

 

Load the magical debugger extensions..

 

Not sure which ones I need so I load a bunch..

 

C:\debuggers\clr10\sos.dll

 

C:\debuggers\sosex.dll

-- from http://www.stevestechspot.com/SOSEXV2NowAvailable.aspx

 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sos.dll

 

Keepers:

!ip2md = instruction pointer to method descriptor

!savemodule = save binary from the debug

 

Wishlist:

·         Doesn't seem like I can do fancy breakpoints like:

o   0:026> bp 76df1bbb "?1;.echo THIS IS THE RET"

 

·         Wish there was an easy "gu" command for managed code

·         I am sure there were more I wished for but can’t recall now….

 

 

A few nice things:

 

 

Get the exception

 

0:011> !PrintException

Exception object: 0147f600

Exception type: System.DirectoryServices.DirectoryServicesCOMException

Message: There is no such object on the server.

 

InnerException: <none>

StackTrace (generated):

<none>

StackTraceString: <none>

HResult: 80072030

 

 

 

 

Dump an array:

 

0:011> !DumpArray 01473aa8

Name: System.Object[]

MethodTable: 7912254c

EEClass: 79122ac0

Size: 1072(0x430) bytes

Array: Rank 1, Number of elements 264, Type CLASS

Element Methodtable: 790f8a7c

[0] 0146f64c

[1] 0146f684

[2] 0146f6ac

[3] 0146f6e0

[4] 0146f714

[5] 0146f748

[6] 0146f790

[7] 0146f7c8

[8] 0146f814

[9] 0146f840

[10] 0146f870

[11] 0146f8ac

[12] 0146f8d0

[13] 0146f8f4

[14] 0146f91c

[15] 0146f950

[16] 0146f990

 

 

0:011> !mdt 0146f64c

0146f64c (System.String: "accountNameHistory")

0:011> !mdt 01472644

01472644 (System.String: "securityIdentifier")



In order to get the raw IL:

 

IL reference

http://www.ecma-international.org/publications/standards/Ecma-335.htm

 

 

0:026> !name2ee FooBar.DirectoryServices.dll FooBar.DirectoryServices.Server.getDomain

Module: 01d93da4 (FooBar.DirectoryServices.dll)

Token: 0x06000412

MethodDesc: 0ec510b0

Name: FooBar.DirectoryServices.Server.getDomain()

JITTED Code Address: 02594a00

 

 

0:026> !dumpil 0ec510b0

ilAddr = 0e835350

IL_0000: ldarg.0

IL_0001: ldfld FooBar.DirectoryServices.Server::initial

IL_0006: callvirt FooBar.DirectoryServices.LDAPInitialContext::get_Domain

IL_000b: ret

 

 

 

Get the method table from the class

 

 

0:026> !name2ee FooBar.DirectoryServices.dll FooBar.DirectoryServices.LDAPInitialContext

Module: 01d93da4 (FooBar.DirectoryServices.dll)

Token: 0x0200004d

MethodTable: 01d99d54

EEClass: 0ec21610

Name: FooBar.DirectoryServices.LDAPInitialContext

 

 

0:026> !dumpmt -md 01d99d54

EEClass: 0ec21610

Module: 01d93da4

Name: FooBar.DirectoryServices.LDAPInitialContext

mdToken: 0200004d  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x48

ComponentSize: 0x0

Number of IFaces in IFaceMap: 1

Slots in VTable: 45

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

7934bba0   79137ac0   PreJIT System.Object.Equals(System.Object)

7934bb90   79137ad8   PreJIT System.Object.GetHashCode()

793424c0   79137ae0   PreJIT System.Object.Finalize()

0ec1df50   01d99c60      JIT FooBar.DirectoryServices.LDAPInitialContext.get_Path()

01d999f5   01d99928      JIT FooBar.DirectoryServices.Context.getPathEx()

01d999fd   01d99938     NONE FooBar.DirectoryServices.Context.Contains(FooBar.DirectoryServices.Context)

01d99a01   01d99940     NONE FooBar.DirectoryServices.Context.IsParentOf(FooBar.DirectoryServices.Context)

01d99a05   01d99948     NONE FooBar.DirectoryServices.Context.GetRelativeDisplayName(FooBar.DirectoryServices.Context)

<snip>

 

 

 

 

Set a managed breakpoint?


0:027> !bpmd FooBar.WebDir.dll FooBar.WebDir.SecurityLevel.Evaluate

 

 How do I set a breakpoint on the return address for a function? ( thanks Khalil ! )

 

                Q: For example - I want to set a break on the return of the highlighted function..

A: Do a !u (managed command for unassemble) on the red highlighted. Set a bp, as you normally would, on the instruction after the call of interest.

 

0012ebd0 671663ae System.DirectoryServices.DirectoryEntry.Bind(Boolean)

0012ec28 67166245 System.DirectoryServices.DirectoryEntry.Bind()

0012ec38 67165870 System.DirectoryServices.DirectoryEntry.get_AdsObject()

0012ec48 67168ede System.DirectoryServices.DirectorySearcher.FindAll(Boolean)

0012ec64 67168d9b System.DirectoryServices.DirectorySearcher.FindOne()

0012ec9c 044e101d FooBar.DirectoryServices.ActiveDirectoryInitialContext.IsExchangeMixed()

0012ecb8 044e099e FooBar.DirectoryServices.ActiveDirectoryInitialContext.detectServerType()

0012ece0 0498f222 FooBar.DirectoryServices.ActiveDirectoryInitialContext.Connect(System.DirectoryServices.DirectoryEntry)

0012ecfc 0498e34c FooBar.DirectoryServices.ContextManager.Connect(FooBar.DirectoryServices.Credentials, System.String, Boolean)

0012ed14 0498d669 FooBar.DirectoryServices.Server.connect(FooBar.DirectoryServices.Credentials, System.String, System.String, System.String, Boolean, Boolean)

0012ed58 0498d506 FooBar.DirectoryServices.Server.connect(FooBar.DirectoryServices.Credentials, System.String, System.String, System.String)

0012ed68 044e419b FooBar.SystemConfiguration.GetAdminListDistinguishedName(System.String, System.String, System.String, System.Windows.Forms.Form)

0012ed88 044e4104 FooBar.ServerForm.cmdSelectHelpdeskDL_Click(System.Object, System.EventArgs)

 

 

 

Dump the object:

 

0:011> !mdt 014224ec

014224ec (System.DirectoryServices.PropertyValueCollection)

   list:0142250c (System.Collections.ArrayList)

   entry:013ffffc (System.DirectoryServices.DirectoryEntry)

   propertyName:013fe734 (System.String: "DnsHostName")

   updateType:0x3 (System.DirectoryServices.PropertyValueCollection+UpdateType)

   changeList:014225c0 (System.Collections.ArrayList+SyncArrayList)

   allowMultipleChange:true (System.Boolean)

   needNewBehavior:true (System.Boolean)

 

 

 

 

Get the CLR Stack:

 

0:000> !CLRStack -a

OS Thread Id: 0x3b4 (0)

ESP       EIP    

ESP/REG  Object   Name

0012eca8 76f19255 [ComPlusMethodFrameGeneric: 0012eca8] System.DirectoryServices.Interop.UnsafeNativeMethods+IAds.GetEx(System.String, System.Object ByRef)

ESP/REG  Object   Name

0012ecbc 6716d109 System.DirectoryServices.PropertyValueCollection.PopulateList()

    PARAMETERS:

        this = 0x01736e38

    LOCALS:

        <no data>

        <CLR reg> = 0x0012ea30

 

ESP/REG  Object   Name

0012ecd0 6716cbc5 System.DirectoryServices.PropertyValueCollection..ctor(System.DirectoryServices.DirectoryEntry, System.String)

    PARAMETERS:

        this = 0x01736e38

        entry = 0x017360f8

        propertyName = <no data>

    LOCALS:

        <no data>

        <no data>

 

ESP/REG  Object   Name

0012ecdc 013ab5f4 System.String    defaultNamingContext

0012ece4 013ab5f4 System.String    defaultNamingContext

0012ece8 6716bea4 System.DirectoryServices.PropertyCollection.get_Item(System.String)

    PARAMETERS:

        this = 0x01736ce8

        propertyName = <no data>

    LOCALS:

        <CLR reg> = 0x01736dfc

        <no data>

 

ESP/REG  Object   Name

0012ecfc 0498e2a0 FooBar.DirectoryServices.ContextManager.Connect(FooBar.DirectoryServices.Credentials, System.String, Boolean)

    PARAMETERS:

        credentials = 0x01736044

        serverName = 0x016fa234

        newConn = 0x00000001

    LOCALS:

        <no data>

        <CLR reg> = 0x017360f8

        <no data>

        <no data>   

 

 

 

 

 

 

Finding the call they made..

 

 

 

04a8eba8 8bf8            mov     edi,eax

04a8ebaa 8b5624          mov     edx,dword ptr [esi+24h]      --- some offset member

04a8ebad 8bcf            mov     ecx,edi               --- move some object instance in place

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h]      --- call some method of that class instance

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=03df5294 edx=01421b18 esi=01421bfc edi=014229e8

eip=04a8ebad esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206

04a8ebad 8bcf            mov     ecx,edi

 

 

 

0:011> p

eax=014229e8 ebx=013ffffc ecx=014229e8 edx=01421b18 esi=01421bfc edi=014229e8

eip=04a8ebaf esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h] ds:0023:03df5300=03df5329

 

 

0:011> !dumpmt -md 03df5294

EEClass: 03cbacb4

Module: 00909394

Name: FooBar.DirectoryServices.Exchange.Site

mdToken: 0200009e  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x54

ComponentSize: 0x0

Number of IFaces in IFaceMap: 2

Slots in VTable: 20

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

...

03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()

03df5329   03df5258     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String)

03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)

03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()

 

 

 

 

Assembly walk back..

 

Here is a small portion of code we can walk through the managed stuff in

 

04a8ebad 8bcf            mov     ecx,edi

04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h] -- call method as noted above. ( maybe gets some info? )

 

04a8ebb5 8d5638          lea     edx,[esi+38h]

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf)

 

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h]

04a8ebc0 3909            cmp     dword ptr [ecx],ecx

04a8ebc2 ff150853df03    call    dword ptr ds:[3DF5308h]

 

 

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al

04a8ebcb b94477df03      mov     ecx,3DF7744h

04a8ebd0 e84734e6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST)

 

 

 

 

Moving the data back into the object instance

 

 

04a8ebb5 8d5638          lea     edx,[esi+38h]

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf)

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=01422ffc edx=0000508a esi=01421bfc edi=014229e8

eip=04a8ebb5 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl nz na po nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

04a8ebb5 8d5638          lea     edx,[esi+38h]

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

03df7240  40001a6        c ...veDs.IADsPathname  0 instance 01422100 adsPathName

790f9244  40001a7       10        System.String  0 instance 01422110 protocolPrefix

790fd8b4  40001a8       14 ...ections.Hashtable  0 instance 01422038 objectClassSchemas

034caad4  40001c1       18 ...vices.Credentials  0 instance 013db8f4 connectionCredentials

790f9244  40001c2       1c        System.String  0 instance 012f9f74 serverName

790f9244  40001c3       20        System.String  0 instance 01422538 dnsHostName

790f9244  40001c4       24        System.String  0 instance 01421b18 defaultNamingContext

790f9244  40001c5       28        System.String  0 instance 01422680 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 014227d0 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 00000000 site

03df4a80  40001ca       3c ...ces.DirectoryItem  0 instance 00000000 config

790ffe7c  40001cb       40          System.Type  0 instance 00000000 providerType

034c30c0  40001c0      2a0         log4net.ILog  0   static 013fe5e4 debugLog

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

79103c00  400025e       4f       System.Boolean  1 instance        0 hasExchange2003

79103c00  400025f       50       System.Boolean  1 instance        0 gcPresent

790f9244  4000260       44        System.String  0 instance 0142293c rootDomainNamingContext

790fd8b4  4000261       48 ...ections.Hashtable  0 instance 01421f70 detailedSchemaInfo

034c30c0  400025a      330         log4net.ILog  0   static 01421ef0 debugLog

 

 

 

 

04a8ebb8 e8625b3e75      call    mscorwks!JIT_Writeable_Thunks_Buf+0x11f (79e7471f) (mscorwks!JIT_Writeable_Thunks_Buf) 

-- > after this the  FooBar.DirectoryServices.ActiveDirectoryInitialContext site is filled in

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

03df7240  40001a6        c ...veDs.IADsPathname  0 instance 01422100 adsPathName

790f9244  40001a7       10        System.String  0 instance 01422110 protocolPrefix

790fd8b4  40001a8       14 ...ections.Hashtable  0 instance 01422038 objectClassSchemas

034caad4  40001c1       18 ...vices.Credentials  0 instance 013db8f4 connectionCredentials

790f9244  40001c2       1c        System.String  0 instance 012f9f74 serverName

790f9244  40001c3       20        System.String  0 instance 01422538 dnsHostName

790f9244  40001c4       24        System.String  0 instance 01421b18 defaultNamingContext

790f9244  40001c5       28        System.String  0 instance 01422680 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 014227d0 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 014229e8 site

03df4a80  40001ca       3c ...ces.DirectoryItem  0 instance 00000000 config

790ffe7c  40001cb       40          System.Type  0 instance 00000000 providerType

034c30c0  40001c0      2a0         log4net.ILog  0   static 013fe5e4 debugLog

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

79103c00  400025e       4f       System.Boolean  1 instance        0 hasExchange2003

79103c00  400025f       50       System.Boolean  1 instance        0 gcPresent

790f9244  4000260       44        System.String  0 instance 0142293c rootDomainNamingContext

790fd8b4  4000261       48 ...ections.Hashtable  0 instance 01421f70 detailedSchemaInfo

034c30c0  400025a      330         log4net.ILog  0   static 01421ef0 debugLog

 

 

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h] - now move the value into ECX

04a8ebc0 3909            cmp     dword ptr [ecx],ecx          -- ptr [ECX] is the method table

 

 

0:011> r

eax=014229e8 ebx=013ffffc ecx=01422ffc edx=00005087 esi=01421bfc edi=014229e8

eip=04a8ebbd esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl zr na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

04a8ebbd 8b4e38          mov     ecx,dword ptr [esi+38h] ds:0023:01421c34=014229e8

 

0:011> p

eax=014229e8 ebx=013ffffc ecx=014229e8 edx=00005087 esi=01421bfc edi=014229e8

eip=04a8ebc0 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei pl zr na pe nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

04a8ebc0 3909            cmp     dword ptr [ecx],ecx  ds:0023:014229e8=03df5294

 

0:011> !do 014229e8

Name: FooBar.DirectoryServices.Exchange.Site

MethodTable: 03df5294 -- check this via "!dumpmt -md 03df5294"

EEClass: 03cbacb4

Size: 84(0x54) bytes

GC Generation: 0

 

04a8ebc2 ff150853df03    call    dword ptr ds:[3DF5308h]  -- here we call 03df5335-> 03df5270    

 

 

0:011> !dumpmt -md 03df5294

EEClass: 03cbacb4

Module: 00909394

Name: FooBar.DirectoryServices.Exchange.Site

mdToken: 0200009e  (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

BaseSize: 0x54

ComponentSize: 0x0

Number of IFaces in IFaceMap: 2

Slots in VTable: 20

--------------------------------------

MethodDesc Table

   Entry MethodDesc      JIT Name

7934cdcc   79137ab8   PreJIT System.Object.ToString()

7934bba0   79137ac0   PreJIT System.Object.Equals(System.Object)

7934bb90   79137ad8   PreJIT System.Object.GetHashCode()

793424c0   79137ae0   PreJIT System.Object.Finalize()

03df44e5   03df43e0     NONE FooBar.DirectoryServices.Item.GetDisplayName()

...

03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()

04a8ed00   03df5258      JIT FooBar.DirectoryServices.Exchange.Site..ctor(System.String)

03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)

03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()

<snip>

 

 


 

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al

04a8ebcb b94477df03      mov     ecx,3DF7744h

04a8ebd0 e84734e6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST)

 

 

 

0:011> p

eax=00000000 ebx=013ffffc ecx=01454b94 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebc8 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebc8 88464c          mov     byte ptr [esi+4Ch],al      ds:0023:01421c48=00 -- sets ntMixed == false

 

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

...

790f9244  40001cc      2a4        System.String  0   static 013fe330 TopContainerFormatter

79103c00  400025b       4c       System.Boolean  1 instance        0 ntMixed

79103c00  400025c       4d       System.Boolean  1 instance        0 mixed

79103c00  400025d       4e       System.Boolean  1 instance        0 hasExchange

 

 

0:011> p

eax=00000000 ebx=013ffffc ecx=01454b94 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebcb esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebcb b94477df03      mov     ecx,3DF7744h

 

 

0:011> !do 01421bfc

Name: FooBar.DirectoryServices.ActiveDirectoryInitialContext

MethodTable: 03df6194

EEClass: 03cbb41c

Size: 88(0x58) bytes

GC Generation: 0

 (C:\WINDOWS\assembly\GAC_MSIL\FooBar.DirectoryServices\2.0.105.0__8cd3e6ab09a4c7bf\FooBar.DirectoryServices.dll)

Fields:

      MT    Field   Offset                 Type VT     Attr    Value Name

034c94cc  40001a4        4 ...es.InitialContext  0 instance 00000000 initialContext

790f9244  40001a5        8        System.String  0 instance 01254d68 distinguishedName

...

790f9244  40001c5       28        System.String  0 instance 00000000 configNamingContext

790f9244  40001c6       2c        System.String  0 instance 00000000 schemaNamingContext

03df7744  40001c7       30 ...veDirectoryDomain  0 instance 00000000 domain

03df7844  40001c8       34 ...ory.GlobalCatalog  0 instance 00000000 global

03df5294  40001c9       38 ...ces.Exchange.Site  0 instance 00000000 site

 

0:011>

eax=00000000 ebx=013ffffc ecx=03df7744 edx=00000000 esi=01421bfc edi=014229e8

eip=04a8ebd0 esp=03ddf34c ebp=013ffffc iopl=0         nv up ei ng nz ac pe cy

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000297

04a8ebd0 e84734e6fb      call    008f201c

 

04a8e381 e8963ce6fb      call    008f201c (JitHelp: CORINFO_HELP_NEWSFAST) --- can’t recall what this was - looks like it allocates an object?
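The lookup done by hand above (take the target of the indirect call and find it in the Entry column of "!dumpmt -md") can be scripted over saved debugger output. This is an added example, not code from the original post; the sample text is copied from the outputs quoted above and the function names are made up for the illustration. It also shows why the two dumps must be taken at the same point in time: the Entry of Site..ctor(System.String) changes once the method is jitted, while its MethodDesc stays the same.

```python
import re

# Constructed sample: rows copied from the two "!dumpmt -md 03df5294" outputs
# quoted in the post (the first taken before, the second after, the
# Site..ctor(System.String) method was jitted).
DUMPMT_BEFORE = """\
Name: FooBar.DirectoryServices.Exchange.Site
MethodDesc Table
   Entry MethodDesc      JIT Name
7934cdcc   79137ab8   PreJIT System.Object.ToString()
03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()
03df5329   03df5258     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String)
03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)
03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()
"""
DUMPMT_AFTER = """\
Name: FooBar.DirectoryServices.Exchange.Site
MethodDesc Table
   Entry MethodDesc      JIT Name
7934cdcc   79137ab8   PreJIT System.Object.ToString()
03df5331   03df5268     NONE FooBar.DirectoryServices.Exchange.Site.IsGroupContainer()
04a8ed00   03df5258      JIT FooBar.DirectoryServices.Exchange.Site..ctor(System.String)
03df532d   03df5260     NONE FooBar.DirectoryServices.Exchange.Site..ctor(System.String, System.String)
03df5335   03df5270     NONE FooBar.DirectoryServices.Exchange.Site.isMixed()
"""
# The call as WinDbg prints it when it is the current instruction: the
# trailing "ds:sel:addr=value" part is the content of the call slot.
CALL_LINE = ("04a8ebaf ff150053df03    call    dword ptr ds:[3DF5300h] "
             "ds:0023:03df5300=03df5329")

# One row of the MethodDesc Table: Entry, MethodDesc, JIT state, Name.
ROW = re.compile(
    r"^\s*([0-9a-f]{8})\s+([0-9a-f]{8})\s+(PreJIT|JIT|NONE)\s+(\S.*?)\s*$", re.I)
# Indirect call through a slot, with the debugger's effective-address note.
CALL = re.compile(
    r"call\s+dword ptr ds:\[([0-9a-f]+)h\]\s+ds:[0-9a-f]{4}:([0-9a-f]{8})=([0-9a-f]{8})",
    re.I)


def parse_dumpmt(text):
    """Return the MethodDesc Table rows as dicts with integer addresses."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"entry": int(m.group(1), 16), "md": int(m.group(2), 16),
                         "jit": m.group(3), "name": m.group(4)})
    return rows


def by_entry(rows, address):
    """Find the row whose Entry column equals address, or None."""
    return next((r for r in rows if r["entry"] == address), None)


def resolve_call(disasm_line, rows):
    """Map an annotated indirect call to (slot, target, row-or-None)."""
    m = CALL.search(disasm_line)
    if m is None:
        raise ValueError("no 'ds:sel:addr=value' note; step to the call first")
    slot, target = int(m.group(1), 16), int(m.group(3), 16)
    return slot, target, by_entry(rows, target)


def entry_changes(before, after):
    """Methods whose Entry moved between two dumps, matched on MethodDesc."""
    old = {r["md"]: r for r in before}
    return [(r["name"], old[r["md"]]["entry"], r["entry"])
            for r in after
            if r["md"] in old and old[r["md"]]["entry"] != r["entry"]]


if __name__ == "__main__":
    before, after = parse_dumpmt(DUMPMT_BEFORE), parse_dumpmt(DUMPMT_AFTER)
    slot, target, row = resolve_call(CALL_LINE, before)
    print(f"slot {slot:08x} -> {target:08x} {row['name']} [{row['jit']}]")
    # The same target no longer appears as an Entry in the later dump.
    print("found in later dump:", resolve_call(CALL_LINE, after)[2] is not None)
    for name, was, now in entry_changes(before, after):
        print(f"{name}: entry {was:08x} -> {now:08x}")
```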

 

Posted by SpatDSG | 0 Comments

Why am I using VMWare?

Well, I have had to resort to VMWare. I don’t have anything against it really, I used to use it exclusively, but I would rather use an MS platform if it does what I need it to.

Unfortunately the  VPC version for Win7 does not support 64 bit guests and I run a bunch of DCs etc.. and need to have 2k8R2 ( Win7 Server ) as well - but Win7 Server dropped support for 32 bit versions.

So, I made an ISO of the setup files and downloaded the latest VMWare player.. when I input the ISO file, I repeatedly got the following error and could not get past it. “VMWare player has stopped working” – would you like to debug? No… not now.


Finally I came across this blog:

http://www.blogsdna.com/1918/how-to-install-windows-7-on-windows-xp-vista-using-vmware-player-complete-guide.htm

And I wondered why in the world he went to all that trouble? But, I figured he knew better, so instead of trying to specify an ISO in the initial setup, I created the VM with the Win7 options:


Once I did that, I set up the CDROM as the ISO and that worked great!

Anyway.. in case someone else runs into it, maybe this post will help.

Oh, and if any VM guys are reading - I really would like to see VPC on Win7 support 64bit! :)

Spat

Posted by SpatDSG | 3 Comments

Playing with Silverlight..

Testing a few things with SL, eventually want a TFS integrated reporting tool. But, this was more for just fun.

Posted by SpatDSG | 1 Comments

Cool new features in 2k8 R2 for Certificate Services

I really don't like posting about another post.. but it's too cool not to in this case :)

There are some really awesome new features for Cert Services in 2k8 R2.. check it out in the Certificate Enrollment Web Services Whitepaper

Original post:

http://blogs.technet.com/pki/archive/2009/09/15/certificate-enrollment-web-services-whitepaper.aspx

Doc download link:

http://download.microsoft.com/download/C/2/2/C229E624-36E4-4AD8-9D86-F564ED539A16/Windows%20Server%202008%20R2%20Certificate%20Enrollment%20Web%20Services.doc

Posted by SpatDSG | 0 Comments

Logging for MUI language packs

Quick post..

If you are having errors when installing the MUI language packs on Win7\Server 2008 R2 - the logs are located in the user's profile appdata path:

C:\Users\Administrator\AppData\Local\Temp\lpksetup folder

Here is a snip of a log for an example:

SNIP:

15:30:50:034 : PERF: Create language from CAB (C:\tools\langpacks\zh-hk\lp.cab) - ENTER

15:30:53:495 : DEBUG: CreateFromIdentity("Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~zh-HK~6.1.7600.16385")

15:30:55:014 : DEBUG: CreateFromIdentity("Client")

15:30:56:784 : DEBUG: Client is not a language type package, or does not match the type of your OS (e.g., server language packs mismatched with a client OS). Check to be sure that you are using language packs which match your machine.

15:30:56:871 : WARN: Unable to create langpack

15:30:56:897 : WARN: CbsClient::CreateLanguagePackFromCabImpl(C:\tools\langpacks\zh-hk\lp.cab) failed with hr = 0x80070032

spat

 

Posted by SpatDSG | 0 Comments

How to enable WPP tracing for a component at boot time?

Been away for a while, busy with lotsa interesting online services projects (my "new" group). I'll see if I can blog about any of those interesting tidbits.. in the meantime.

WPP tracing is all over the place in Win7 – a quick count of registered providers shows 672 available providers via "logman.exe query providers"

 

We can choose a random one to pick on today – like BITS (Background Intelligent Transfer Service).

Here we can view the available flags for this provider.

 

C:\>logman query providers "BITS Service Trace"

 

Provider                                 GUID

-------------------------------------------------------------------------------

BITS Service Trace                       {4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A}

 

Value               Keyword              Description

-------------------------------------------------------------------------------

0x0000000000000001  LogFlagInfo          LogFlagInfo Flag

0x0000000000000002  LogFlagWarning       LogFlagWarning Flag

0x0000000000000004  LogFlagError         LogFlagError Flag

0x0000000000000008  LogFlagFunction      LogFlagFunction Flag

0x0000000000000010  LogFlagRefCount      LogFlagRefCount Flag

0x0000000000000020  LogFlagSerialize     LogFlagSerialize Flag

0x0000000000000040  LogFlagDownload      LogFlagDownload Flag

0x0000000000000080  LogFlagTask          LogFlagTask Flag

0x0000000000000100  LogFlagLock          LogFlagLock Flag

0x0000000000000200  LogFlagService       LogFlagService Flag

0x0000000000000400  LogFlagDataBytes     LogFlagDataBytes Flag

0x0000000000000800  LogFlagTransferDetails LogFlagTransferDetails Flag

0x0000000000001000  LogFlagPeer          LogFlagPeer Flag

 

PID                 Image

-------------------------------------------------------------------------------

0x00000190

0x00000190

 

 

The command completed successfully.

 

But let’s get to the point. How do you enable a trace log and maintain it across reboots?

 

You can follow the reg setting keys\values documented here - http://msdn.microsoft.com/en-us/library/aa363687(VS.85).aspx

 

The primary key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger

You can also download the DDK and use tracelog.exe with the /addautologger command; see http://msdn.microsoft.com/en-us/library/dd852200.aspx

 

Luckily Logman.exe, which is included in the OS, has a nifty CLI switch to enable this.

The trick is to preface the log session name  with “autosession\”.

 

C:\Windows\system32>logman create trace "autosession\SpatsBITSTrace" -p "BITS Service Trace" -o SpatsBITSTrace.etl

The command completed successfully.

 

 

You can add the parameters for buffers, flags and other options from the command line as well.

 

This creates the following reg values and automatically sets them under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SpatsBITSTrace\{4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A}

 

 

Just like any tracing session you can stop it via:

 

                logman stop "SpatsBITSTrace" -ets

 

You can delete this tracing logger permanently (so it will not restart on the next boot) via:

 

                logman delete "autosession\SpatsBITSTrace"

 

 

Hope it helps someone .

 

spat
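To put the "flags" remark above to use, the keyword table printed by "logman query providers" can be turned into the flags mask that logman takes after the provider name in "-p provider [flags [level]]". This is an added example, not part of the original post; the sample text is copied from the output shown above, the function names are made up for the illustration, and the choice of LogFlagWarning plus LogFlagError is only an assumption for the demo.

```python
import re

# Constructed sample: output of
#   logman query providers "BITS Service Trace"
# as quoted in the post, including the PID section that must be ignored.
SAMPLE = """\
Provider                                 GUID
-------------------------------------------------------------------------------
BITS Service Trace                       {4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A}

Value               Keyword              Description
-------------------------------------------------------------------------------
0x0000000000000001  LogFlagInfo          LogFlagInfo Flag
0x0000000000000002  LogFlagWarning       LogFlagWarning Flag
0x0000000000000004  LogFlagError         LogFlagError Flag
0x0000000000000008  LogFlagFunction      LogFlagFunction Flag
0x0000000000000010  LogFlagRefCount      LogFlagRefCount Flag
0x0000000000000020  LogFlagSerialize     LogFlagSerialize Flag
0x0000000000000040  LogFlagDownload      LogFlagDownload Flag
0x0000000000000080  LogFlagTask          LogFlagTask Flag
0x0000000000000100  LogFlagLock          LogFlagLock Flag
0x0000000000000200  LogFlagService       LogFlagService Flag
0x0000000000000400  LogFlagDataBytes     LogFlagDataBytes Flag
0x0000000000000800  LogFlagTransferDetails LogFlagTransferDetails Flag
0x0000000000001000  LogFlagPeer          LogFlagPeer Flag

PID                 Image
-------------------------------------------------------------------------------
0x00000190
0x00000190

The command completed successfully.
"""

AUTOLOGGER_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger"

# "<name>   {GUID}" line, and "<64-bit hex value>  <keyword>  <description>" line.
PROVIDER_ROW = re.compile(r"^(.+?)\s+(\{[0-9A-Fa-f-]{36}\})\s*$")
KEYWORD_ROW = re.compile(r"^(0x[0-9A-Fa-f]{16})\s+(\S+)\s+")


def parse_provider(text):
    """Return (provider name, provider GUID, {keyword: value})."""
    name = guid = None
    keywords = {}
    for line in text.splitlines():
        m = PROVIDER_ROW.match(line)
        if m and guid is None:
            name, guid = m.group(1), m.group(2)
            continue
        m = KEYWORD_ROW.match(line)  # PID rows are 32-bit and have no keyword
        if m:
            keywords[m.group(2)] = int(m.group(1), 16)
    return name, guid, keywords


def keyword_mask(keywords, wanted):
    """OR together the named keywords; reject names the provider lacks."""
    unknown = [k for k in wanted if k not in keywords]
    if unknown:
        raise KeyError(f"not offered by this provider: {unknown}")
    mask = 0
    for k in wanted:
        mask |= keywords[k]
    return mask


def autosession_command(session, provider, mask, etl):
    """Build the logman command; the autosession\\ prefix makes it persistent."""
    return (f'logman create trace "autosession\\{session}" '
            f'-p "{provider}" {mask:#x} -o {etl}')


def autologger_key(session, guid):
    """Registry key where the per-provider settings of the session end up."""
    return "\\".join([AUTOLOGGER_ROOT, session, guid])


if __name__ == "__main__":
    name, guid, kw = parse_provider(SAMPLE)
    mask = keyword_mask(kw, ["LogFlagWarning", "LogFlagError"])
    print(autosession_command("SpatsBITSTrace", name, mask, "SpatsBITSTrace.etl"))
    print(autologger_key("SpatsBITSTrace", guid))
```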

Posted by SpatDSG | 0 Comments

How to determine virtual machine host name "virtual server"

Recently had a problem where the lab folks forgot where my VM was installed to and I needed some RAM added to it.  I needed to find the physical host name of the machine the VM was running on.  Turns out that there is a handy dandy reg key one of the VS devs pointed out to me:

 HKLM\Software\Microsoft\Virtual Machine\Guest\Parameters\PhysicalHostName

Hope it helps someone, I spent quite some time trying to figure it out on my own.

 

spat

 

Posted by SpatDSG | 0 Comments

More Kerberos fun with PAC’s- decrypt the PAC

I had been meaning to blog about this for a while, and recently was teaching a class when a friend of mine looked into the exact steps and issues – thanks Woody.

It may be interesting to peek into the PAC every once in a while and make sure everything is OK. Yaknow – like a long lost cousin. See http://blogs.msdn.com/spatdsg/archive/2007/03/07/pac-validation.aspx  for more info on PAC data

This is good for labs – not so much for production. But here goes.

It’s laid out here: http://wiki.wireshark.org/Kerberos

1. Download the ktexport utility - http://www.ioplex.com/utilities/

2. Run it on your DC against LSASS.EXE’s PID

3. C:\TEMP\ktexport.exe 376

4. It will create a file called sam.keytab

5. Create a directory called c:\temp

6. Copy sam.keytab to c:\temp.

7. Copy the wireshark trace to c:\temp

8. Open the trace in wireshark

Go to Edit -> Preferences:


Enable the ability to decrypt the blobs.

Specify the sam.keytab file – no path info as it does not seem to like it. ( for example c:\temp\sam.keytab does NOT work )


Now – I have found I need to restart Wireshark sometimes, but check your kerb data – like an AS_REP packet and you should see:

  AuthorizationData AD-IF-RELEVANT

                        Type: AD-IF-RELEVANT (1)

                        Data: 308202D2308202CEA00402020080A18202C4048202C00400...

                            IF_RELEVANT AD-Win2k-PAC

                                Type: AD-Win2k-PAC (128)

                                Data: 040000000000000001000000300200004800000000000000...

                                    Num Entries: 4

                                    Version: 0

                                    Type: Logon Info (1)

                                        Size: 560

                                        Offset: 72

                                      PAC_LOGON_INFO: 01100800CCCCCCCC200200000000000000000200C0C1160B...

                                            unknown MIDL blob

                                                Unknown: 0x00081001

                                                Unknown: 0xcccccccc

                                                Blob Length: 544

                                                Unknown: 0x00000000

                                            PAC_LOGON_INFO:

                                                Referent ID: 0x00020000

                                                Logon Time: Mar 25, 2009 16:25:54.415046400

                                                Logoff Time: Infinity (absolute time)

                                                Kickoff Time: Infinity (absolute time)

                                                PWD Last Set: Mar 18, 2009 12:31:33.473204800

                                                PWD Can Change: Mar 19, 2009 12:31:33.473204800

                                                PWD Must Change: Apr 30, 2009 11:19:05.216948800

                                                Acct Name: shannon

                                                    Length: 14

                                                    Size: 14

                                                    Character Array: shannon

                                                        Referent ID: 0x00020004

                                                        Max Count: 7

                                                        Offset: 0

                                                        Actual Count: 7

                                                        Acct Name: shannon

                                                Full Name: shannon

                                                    Length: 14

                                                    Size: 14

                                                    Character Array: shannon

                                                        Referent ID: 0x00020008

                                                        Max Count: 7

                                                        Offset: 0

                                                        Actual Count: 7

                                                        Full Name: shannon

                                                Logon Script

                                                    Length: 0

                                                    Size: 0

                                                    Character Array

                                                        Referent ID: 0x0002000c

                                                        Max Count: 0

                                                        Offset: 0

                                                        Actual Count: 0

                                                Profile Path

                                                    Length: 0

                                                    Size: 0

                                                    Character Array

                                                        Referent ID: 0x00020010

 

Have fun!

Spat

 

 

OK so some folks have let me know that Ktexport crashes LSASS.EXE - obviously no fun.

So here is what I tested:

I installed WindowsServer2003-KB843071-x86-enu.exe from "Ktpass.exe may not create a Kerberos keytab file successfully when you use the /target switch and the /mapuser switch on a Windows Server 2003-based computer or on a Windows 2000-based computer"

  • In this case the user's UPN is Shannon@mil
  • The user's samAccountName is Shannon
  • The user's password is Password.
  • The user's domain is request132027.local

I ran the following:

 

C:\TEMP>ktpass.exe /out shannon.keytab /princ shannon@MIL /crypto RC4-HMAC /pass Password /ptype KRB5_NT_PRINCIPAL

Key created.

Output keytab to shannon.keytab:

Keytab version: 0x502

keysize 45 shannon@MIL ptype 1 (KRB5_NT_PRINCIPAL) vno 1 etype 0x17 (RC4-HMAC) keylength 16 (0x76756bad6a045177f68d583c1152e3c5)

I used this keytab in wireshark:


Seemed to work out OK.  If you were doing it for a machine it would not work since you don't know the machine password .. I have not tried setting the password etc..
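Before pointing Wireshark at a keytab it helps to confirm what is actually in it. The following is an added example (not from the original post, ktpass or Wireshark): a minimal Python reader for the version 0x502 keytab layout that rebuilds the summary line ktpass printed above. The sample file is constructed inline with an all-zero placeholder key, and the names parse_keytab, describe and build_sample_keytab are made up for the illustration.

```python
import struct
from dataclasses import dataclass

# Kerberos encryption type numbers, labelled the way ktpass names them.
ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-SHA1",
          18: "AES256-SHA1", 23: "RC4-HMAC"}
PTYPES = {1: "KRB5_NT_PRINCIPAL"}


@dataclass
class KeytabEntry:
    size: int
    principal: str
    name_type: int
    kvno: int
    etype: int
    key_length: int          # the key bytes themselves are deliberately not kept


class _Reader:
    """Bounds-checked big-endian cursor over a bytes object."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keytab")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def num(self, fmt):
        return struct.unpack(">" + fmt, self.take(struct.calcsize(">" + fmt)))[0]

    def counted(self):       # uint16 length followed by that many bytes
        return self.take(self.num("H"))

    def left(self):
        return len(self.data) - self.pos


def parse_keytab(blob):
    r = _Reader(blob)
    if r.take(2) != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries = []
    while r.left() >= 4:
        size = r.num("i")
        if size <= 0:        # a negative size marks the hole left by a deleted entry
            r.take(-size)
            continue
        e = _Reader(r.take(size))
        ncomp = e.num("H")
        realm = e.counted().decode("utf-8", "replace")
        name = "/".join(e.counted().decode("utf-8", "replace") for _ in range(ncomp))
        name_type = e.num("I")
        e.num("I")           # timestamp, unused here
        kvno = e.num("B")
        etype = e.num("H")
        key_length = len(e.counted())
        if e.left() >= 4:    # optional 32-bit kvno at the end of the entry
            kvno = e.num("I") or kvno
        entries.append(KeytabEntry(size, f"{name}@{realm}", name_type,
                                   kvno, etype, key_length))
    return entries


def describe(e):
    """Format an entry like the ktpass summary line, minus the key material."""
    return (f"keysize {e.size} {e.principal} ptype {e.name_type} "
            f"({PTYPES.get(e.name_type, '?')}) vno {e.kvno} "
            f"etype 0x{e.etype:x} ({ETYPES.get(e.etype, '?')}) "
            f"keylength {e.key_length}")


def build_sample_keytab():
    """Constructed sample: shannon@MIL, RC4-HMAC, kvno 1, 16 zero bytes as the key."""
    def counted(b):
        return struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 1) + counted(b"MIL") + counted(b"shannon")
            + struct.pack(">IIB", 1, 0, 1)      # name type, timestamp, kvno
            + struct.pack(">H", 23) + counted(bytes(16)))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body


if __name__ == "__main__":
    for entry in parse_keytab(build_sample_keytab()):
        print(describe(entry))
```

The constructed entry comes out at 45 bytes, which matches the "keysize 45" in the ktpass output above. Because the file holds the account's long-term key, treat it like the password itself and delete it from the lab machine when the trace work is done.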

spat

 

 

 

Posted by SpatDSG | 4 Comments

Informal survey..iPhone VS Windows Mobile..

 

Coming from support, I have seen many different causes for crashes and hangs,  memory leaks and BSOD’s.  Of course, again I am colored by my experiences  and it reflects in the title of my blog “When things go wrong.. “  I only see the bad side of things.   But, I have long held the opinion that Windows is a  stable OS for the most part, and I know for a fact that many many root causes of cases I saw were 3rd party applications and drivers.

Anyway, to the point.   I was rebooting my Samsung Epix ( again ) the other day and was quite frustrated with the experience.  I started to think, maybe I have too many applications running.

But isn’t that part of the reason for me getting the WinMobile phones?
 

 I love the fact that I can RDP to my desktop, watch a ripped DVD , chat on IRC and play games or listen to podcasts all on the same device.   I run CORE media player, RDP desktop client, have any number of games and 3 different mobile browsers on my phone.  Is the cost for this flexibility, the stability of my phone?  If I cannot use it for its core function, a phone, but it works great as a ‘mini computer’  -- Am I OK with that? 

Here are my specs – and the apps which are on almost all the time.

  • Samsung Epix – WinMo 6.5
  • AE button plus ( runs in background )
  • Audio Notes
  • Google Maps
  • CorePlayer
  • Live Mesh
  • Newsbreak
  • Pocket IE
  • SkyFire
  • Pocket Outlook
  • ActiveSync
  • BlueTooth on for headset ( runs in background )
  • Voice Command On ( runs in background )

 

Now, I keep hearing about this Apple App store with bajillions of apps – forget the recent report that said no one uses them after the first week or so.

I asked a few co-workers if their iPhones  needed to be rebooted and if so, how often.  Most of them said almost never – then the follow up questions “ How many 3rd party apps do you run?” Almost none.

So does an iPhone suffer from the same dilemma? How often do you iPhone users have to reboot your phone? Are you a heavy app user or more of a core system user?

Do you feel that you can ( or should have to ) sacrifice  stability for extensibility?

random thoughts on a snowy Sunday afternoon...

 

Spat

 

 

Posted by SpatDSG | 8 Comments

There and back again.. the journey of a bug in ADFS

Let's look at a bug fix.. end to end.

So back in November, my friend Jim Simonet had posted a question about a problem with ADFS using ADAM as the auth store and specifying that it connect via  LDAP over SSL.

He could connect to ADAM via LDP on 636, so we knew ADAM and the certificate validation\chaining process seemed OK.
With SSL it was failing and the logs show:

 

2008-10-28T17:11:41 [INFO] Client is unauthenticated.  Attempting to collect credentials.

2008-10-28T17:11:41 [INFO] Requesting token for https://adfsweb.treyresearch.net:8081/claimapp/ with username adam@treyresearch.net.

2008-10-28T17:11:41 [INFO] InternalRST: target = https://adfsweb.treyresearch.net:8081/claimapp/, credtype = urn:oasis:names:tc:SAML:1.0:am:password, userhint = dam@treyresearch.net, store =

2008-10-28T17:11:41 [INFO] GetClaimsForUserNameWorker (LDAP): called for user adam@treyresearch.net

2008-10-28T17:11:41 [VERBOSE] GetClaimsForUserNameWorker (LDAP): Got COMException 18446744071562534970: The server is not operational.

2008-10-28T17:11:41 [INFO] AccountStoreCollection.InternalGetClaimsForUser: User adam@treyresearch.net logon handled non-authoritatively with LdapFailed by selected store ldap://adfsweb.treyresearch.net

2008-10-28T17:11:41 [VERBOSE] Processing FS response: policy version is d5a48817-e9fc-4ab6-b7ef-2d99642bbe6b - 208

2008-10-28T17:11:41 [VERBOSE]     Creds verification: AccountStoreDisplayName = ADAM Account Store

2008-10-28T17:11:41 [VERBOSE]                         AccountStoreType = LdapDirectoryType

2008-10-28T17:11:41 [VERBOSE]                         AccountStoreTypeDisplay = AD/AM Directory

2008-10-28T17:11:41 [VERBOSE]                         AccountStoreUriStr = ldap://adfsweb.treyresearch.net/

2008-10-28T17:11:41 [VERBOSE]   User Validation Info: ErrorCode = -2147016646

2008-10-28T17:11:41 [INFO] Token issuance request to FS failed: ValidationFailure

 

Note the highlighted section above.

Logging is always a good place to start, if you have the source code of course.

All of the web.security stuff  which includes GetClaimsForUserNameWorker  is in managed code.  I am still making my way through debugging managed code and am not entirely comfortable with it ( in other words I have not really done enough of it ),  I know folks who swear it is easier but if you ask me, doing this :

1.       !name2ee [Assembly name (including extension)] [Class Full Namespace]. For example: !name2ee SyncBlkDeadLock.exe SyncBlkDeadLock.Form1. That is the class on which we want to place a breakpoint in one of its methods. The output will look like this.

2.       !dumpmt -md [MethodTable handle that we got from the previous command]. For example: !dumpmt -md 0x00a8543c. The output will look like this.

3.       !dumpmd [MethodDesc handle that we got from the previous command]. For example: !dumpmd 0x00a853d8. This is the handle for the method SyncBlkDeadLock.Form1.Thread1Handler(). The output will look like this.

4.       In the field “Method VA” we now have the method Virtual Address and we can set a breakpoint on that address.

Is not easier than this:

1.       bp foo!func

Maybe that's why I have not really dug into it much. But, to each their own. (  I know I can no longer avoid it either via debugging it, or writing it -- , much like I can no longer avoid PowerShell )  So, due to my lack of time, and general propensity to fall back on familiar tools and ways.. I figured that something is eventually going to call into wldap32.dll – either directly, or  via the slightly higher ADSI functions.

I tend to try to nail things at the lowest level. What I mean is, if I know some hunk of managed code is calling to ADSI, which is calling to WLDAP32, which is calling to the Network.. I may want to start at the very lowest level in order to at least get an idea of where things are coming from. Does that make sense? On we go.

I knew I didn’t need to catch it at the network layer, a little overkill there. So I decided on wldap32 – specifically wldap32!ldap_connect  , since this is where we connect.

This eventually returned 0x51 LDAP_SERVER_DOWN , but if I dug deeper it returned 0x35 LDAP_UNWILLING_TO_PERFORM

err.exe shows us ( http://www.microsoft.com/downloads/details.aspx?FamilyId=BE596899-7BB8-4208-B7FC-09E02A13696C&displaylang=en  )

 

C:\TEMP\Err>err 35

# for decimal 35 / hex 0x23 :

  BTH_ERROR_LMP_TRANSACTION_COLLISION                           bthdef.h

  FAT_FILE_SYSTEM                                               bugcodes.h

# Disable or uninstall any anti-virus, disk defragmentation

<snip>

  ERROR_BAD_NETPATH                                             winerror.h

# The network path was not found.

  LDAP_UNWILLING_TO_PERFORM                                     winldap.h

 

So you see – the lower ldap levels set LDAP_UNWILLING_TO_PERFORM , which got set to LDAP_SERVER_DOWN which the  ADFS logs translated into "The server is not operational".  This has long been a pet peeve of mine.  If we could only consistently maintain the REAL error returned, I think it would help a lot of folks ( IMO ) . But, there are so many layers and layers of code that this is nearly impossible and is the ROI really worth it?  How could it be implemented across so many layers?
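To make the layering concrete, here is an added example (not part of the original post or of ADFS): a short Python script that pulls the two numeric codes out of the log excerpt above and decodes them as HRESULTs. The log lines are copied from this page; the function names are made up for the illustration, and the name ERROR_DS_SERVER_DOWN for Win32 error 8250 comes from winerror.h.

```python
import re

# Two lines copied from the ADFS log on this page.
SAMPLE_LOG = """\
2008-10-28T17:11:41 [VERBOSE] GetClaimsForUserNameWorker (LDAP): Got COMException 18446744071562534970: The server is not operational.
2008-10-28T17:11:41 [VERBOSE]   User Validation Info: ErrorCode = -2147016646
"""

FACILITY_WIN32 = 7
WIN32_NAMES = {8250: "ERROR_DS_SERVER_DOWN"}   # winerror.h

CODE_RE = re.compile(r"(?:COMException|ErrorCode =)\s*(-?\d+)")


def to_hresult(value):
    """Fold a decimal rendering of an HRESULT back to its unsigned 32-bit form.

    Accepts the plain unsigned value, the signed 32-bit value, and the
    sign-extended 64-bit value produced when a negative int is printed
    as an unsigned 64-bit number.
    """
    if 0 <= value <= 0xFFFFFFFF:
        return value
    if -(1 << 31) <= value < 0:
        return value & 0xFFFFFFFF
    if value >> 32 == 0xFFFFFFFF and value & 0x80000000:
        return value & 0xFFFFFFFF
    raise ValueError(f"{value} is not a 32-bit HRESULT in any common rendering")


def decode(hr):
    """Split an HRESULT into severity bit, facility and code."""
    facility, code = (hr >> 16) & 0x7FF, hr & 0xFFFF
    name = WIN32_NAMES.get(code, "?") if facility == FACILITY_WIN32 else "?"
    return {"hresult": f"0x{hr:08X}", "failed": bool(hr >> 31),
            "facility": facility, "code": code, "name": name}


def codes_in_log(text):
    """Decode every COMException / ErrorCode number found in the log text."""
    return [decode(to_hresult(int(m.group(1)))) for m in CODE_RE.finditer(text)]


def distinct_errors(text):
    """Collapse the log's error fields to the set of distinct (hresult, name) pairs."""
    return {(d["hresult"], d["name"]) for d in codes_in_log(text)}


if __name__ == "__main__":
    for item in codes_in_log(SAMPLE_LOG):
        print(item)
    print(distinct_errors(SAMPLE_LOG))
```

Both fields decode to the same value, 0x8007203A, which is Win32 error 8250 wrapped in FACILITY_WIN32. Nothing in the log carries the 0x35 that wldap32 set, which is why the debugger was needed to find it.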

Anyway.. OK we know that 0x35h is not a good thing, so how to find where this was set?

This takes a little bit of digging, but the WinDbg command “pc” (step to next call) helps a bit; just keep an eye on error returns. Narrowed it to here..

 


ChildEBP RetAddr 
01c7e0e8 76f24d0c wldap32!LdapSetupSslSession
01c7e138 76f1786f wldap32!OpenLdapServer+0x700
01c7e158 76f1834c wldap32!LdapConnect+0x169
01c7e178 76dc457b wldap32!ldap_connect+0x26
01c7e19c 76dc43fb adsldpc!LdapOpen+0x1cc
01c7e1cc 76dc42fe adsldpc!LdapOpenBindWithDefaultCredentials+0x10e
01c7e634 712d29aa adsldpc!LdapOpenObject2+0x128
01c7e8b4 712d284c adsldp!GetServerBasedObject+0x18f
01c7ed0c 712d52f3 adsldp!GetObjectW+0x69
01c7ed38 76df1bbb adsldp!CLDAPNamespace::OpenDSObject+0x34
01c7ed90 01cdbc00 activeds!ADsOpenObject+0xb2
*** WARNING: Unable to verify checksum for system.directoryservices.ni.dll
01c7ee30 67170eb3 CLRStub[StubLinkStub]@1cdbc00
01c7ee8c 67166575 system_directoryservices_ni!System.DirectoryServices.Interop.UnsafeNativeMethods.ADsOpenObject(System.String, System.String, System.String, Int32, System.Guid ByRef, System.Object ByRef)+0x1f
01c7eee0 67166405 system_directoryservices_ni!System.DirectoryServices.DirectoryEntry.Bind(Boolean)+0x14d
01c7eef0 67167316 system_directoryservices_ni!System.DirectoryServices.DirectoryEntry.Bind()+0x25
01c7ef2c 04867375 system_directoryservices_ni!System.DirectoryServices.DirectoryEntry.RefreshCache(System.String[])+0x2e
Unable to load image c:\windows\assembly\gac_msil\system.web.security.singlesignon\1.0.0.0__31bf3856ad364e35\system.web.security.singlesignon.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for system.web.security.singlesignon.dll
*** ERROR: Module load completed but symbols could not be loaded for system.web.security.singlesignon.dll
01c7f240 04866d38 system_web_security_singlesignon!System.Web.Security.SingleSignOn.LdapDirectoryAccountStore.GetClaimsForUserNameWorker(System.String, System.String, System.Web.Security.SingleSignOn.TrustingRealm, System.Web.Security.SingleSignOn.ClaimContext, System.Web.Security.SingleSignOn.UserValidationInfo ByRef, Boolean ByRef, System.String ByRef)+0x5f5
01c7f2b4 048669af system_web_security_singlesignon!System.Web.Security.SingleSignOn.LdapDirectoryAccountStore.InternalGetClaimsForUser(System.Web.Security.SingleSignOn.ClientCredentialInfo, System.Web.Security.SingleSignOn.TrustingRealm, System.Web.Security.SingleSignOn.ClaimContext, System.Web.Security.SingleSignOn.UserValidationInfo ByRef, Boolean ByRef, System.String ByRef)+0x100
01c7f2d0 04865f4e system_web_security_singlesignon!System.Web.Security.SingleSignOn.AccountStoreCollection.InternalGetClaimsForUser(System.Web.Security.SingleSignOn.ClientCredentialInfo, System.Web.Security.SingleSignOn.TrustingRealm, System.Web.Security.SingleSignOn.ClaimContext)+0x177
01c7f3b8 0486576a system_web_security_singlesignon!System.Web.Security.SingleSignOn.FederationServerService.InternalRST(System.String, System.String, System.String[], System.String, Byte[], System.String, System.Web.Security.SingleSignOn.RSTRResult ByRef)+0x79e
<snip>


 

 

0:002> r

eax=00000000 ebx=00000000 ecx=7ffab000 edx=01742428 esi=01742338 edi=01742428

eip=76f306df esp=01c7e0dc ebp=01c7e0e8 iopl=0         nv up ei pl nz na po nc

cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202

wldap32!LdapSetupSslSession+0xf3:

76f306df 6a35            push    35h

 

Anywho – once I found where it was being set, I can see that it was examining the flags passed to it and failing based on them.

The ldap options included one or both ( I can’t  recall exactly ) of the following flags:

LDAP_OPT_SIGN
0x95

Determines the Kerberos signing state or enables Kerberos signing. The LDAP_OPT_SIGN session option should be enabled prior to binding using the LDAP_AUTH_NEGOTIATE flag. Cannot be used over an SSL connection. When used with Windows XP and Windows Server 2003, NTLM signing is also supported.

LDAP_OPT_ENCRYPT
0x96

Enables/disables Kerberos encryption prior to binding using the LDAP_AUTH_NEGOTIATE flag. Cannot be used over an SSL connection.
When used with Windows XP and Windows Server 2003, NTLM encryption is also supported.

The key, of course, is the phrase "Cannot be used over an SSL connection". So, off Jim goes to file a bug...

In between then and now, lots of hand waving :

Then there is the PM, Dev and Test reviews, possible security reviews and much talk about WAR and customer impact etc.. but eventually we get there.

The public KB is now available:

AD FS cannot connect to an ADAM store over an SSL connection on a Windows Server 2003 R2-based server

http://support.microsoft.com/?kbid=959923

And that, is the story of that hotfix

Spat

 

 


 

Joining a domain via Smartcards

http://technet.microsoft.com/en-us/library/cc721959.aspx

A snip from the article:

Smart card root certificate requirements for use when joining a domain

When using a smart card to join a domain, the smart card certificate must comply with one of the following conditions:

The smart card certificate must contain a Subject field that contains the DNS domain name within the distinguished name. If it does not contain this field, resolution to the appropriate domain will fail, causing the domain join with smart card to fail.

The smart card certificate must contain a UPN in which the domain part of the UPN must resolve to the actual domain. For example, the UPN "username@engineering.corp.example.com" would work, but "username@engineering.example.com" would not work because the Kerberos client would not be able to find the appropriate domain.

The solution for both of the listed conditions is to supply a hint (enabled via the X509HintsNeeded registry setting) in the credentials prompt when joining a domain.

If the client computer is not joined to a domain, then the client will only be able to resolve the server domain by viewing the distinguished name on the certificate (as opposed to the UPN). For this scenario to work, the Subject field for the certificate must include "DC=" for domain name resolution.

To deploy root certificates on smart cards for the currently joined domain, the following command can be used:

certutil -scroots

Just a note - this has some issues unless you also deploy this hotfix..  http://support.microsoft.com/kb/957656

This is a post Vista SP1 fix..

 

Spat

Posted by SpatDSG | 0 Comments

More fun with Kerberos and Web Sites

SPN’s.

Service Principal Names.

I am not going to go into the details of how SPN’s are used right now, see my other posts on Kerberos or go use your favorite search engine to determine how they are used.

Most of this post will relate to web sites and access to sites via Kerberos.

Scenario:

Servername: 2k8STS1.CONTOSO.COM
A Record =2k8STS1.CONTOSO.COM
CNAME record = ALIAS.BOGUS.COM

So of course, now when I ping ALIAS.BOGUS.COM it will hit 2k8STS1.CONTOSO.COM

Now – from IE, when I type in HTTP://ALIAS.BOGUS.COM , what SPN will be in the ticket request?


How come it was not ALIAS.BOGUS.COM ?

If you want it to use the name as typed into the browser, for the TGS_REQ, then you need to apply http://support.microsoft.com/kb/911149 ( 2k8 already has the code to honor it so all you need is the reg key )

And create the key = FEATURE_USE_CNAME_FOR_SPN_KB911149

Afterwards IE will use the CNAME for the SPN in the TGS_REQ.


The other item you may want to be aware of is :

http://support.microsoft.com/default.aspx/kb/908209

From the KB:

Internet Explorer 6 cannot use the Kerberos authentication protocol to connect to a Web site that uses a non-standard port in Windows XP and in Windows Server 2003

You have two Web sites that have different ports and identities. These two Web sites are running on the same computer. For example, Web site 1 runs on port 80 under identity "id1" and Web site 2 runs on port 81 under identity "id2".

• Both the Web sites use Kerberos authentication protocol version 5.

• You use the Setspn utility to declare the Service Principal Name (SPN) for Web site 2.

• You use the same host name to connect to Web site 1 and to Web site 2. You use Microsoft Internet Explorer 6 to make this connection.

For example, you use http://examplewebserver to connect to Web site 1 and http://examplewebserver:81 to connect to Web site 2. In this example, you use the same examplewebserver host name to connect to both Web sites.

In this scenario, Internet Explorer 6 can use the Kerberos protocol to connect to Web site 1. However, Internet Explorer 6 cannot use the Kerberos protocol to connect to Web site 2.

 Have fun.. spat

 

Posted by SpatDSG | 1 Comments

James saved me many hours of pain..

 

Gotta love the internet. The Tubes.

I was trying to install\reinstall IIS in Windows Server 2008 and it would not install.

 

Web Server (IIS)
   Error: Attempt to install IIS Management Console failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Static Content Compression failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install HTTP Logging failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Static Content failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Directory Browsing failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install HTTP Errors failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Request Monitor failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Request Filtering failed with error code 0x80070643.  Fatal error during installation
   Error: Attempt to install Default Document failed with error code 0x80070643.  Fatal error during installation
   The following role services were not installed:
   Web Server
      Common HTTP Features
         Static Content
         Default Document
         Directory Browsing
         HTTP Errors
      Health and Diagnostics
         HTTP Logging
         Request Monitor
      Security
         Request Filtering
      Performance
         Static Content Compression
   Management Tools
      IIS Management Console

Before I spent any number of hours tshooting this , I decided to hit the internet with a quick search. I held out little hope of finding a resolution for such a horrid looking error.

But - within 2 links I hit on this one -- http://social.technet.microsoft.com/forums/en-US/winserversetup/thread/1486efdd-1dbb-477a-9c9e-af8a8fb81c24/

Hoorah!!

 

Here's to you James B White from   C.S.H. Consultants Pty Ltd.  - your attitude of "This has been raised before, however that person opted for a reinstall before it got anywhere. I really dont want to do that."  saved me a boatload of time this morning.  Thanks to you,  I fixed it between eating breakfast and brushing my teeth.

One more thing - just in case the link above goes away - here was James's resolution:

 

  • de-feature "WAS" Windows Process Activation Service (note it deleted more of the IIS roles or said it was)
  • re-role IIS7 & IIS6 and all subroles - worked okay
  • re-feature "WAS" Windows Process Activation Service - worked okay 

    Spatdsg

     

     

    Posted by SpatDSG | 2 Comments

    Honey, I lost the (private) keys -- EFS keys missing?

     

     

    Interesting  EFS issue the other day..

    Customer was rolling  out EFS so they set up DRA's and this worked great. When they encrypted files the DRA's  showed up just fine in the file information. However, when they went to decrypt a file via the assigned DRA account – it failed to recover the file.

    Efsinfo.exe showed:

    Users who can decrypt: 

          CUST\bob (bob(bob@CUST.com)

          Certificate thumbprint: A453 6DE7 2AB7 93EA DF34 D30E F542 FEF5 960E 56EF

    Recovery Agents: 

      Unknown (DataRecoveryAgent1(JOE1@CUST.com)) 

        Certificate thumbprint: F456 453E F3E2 876A A435 5633 BF5A F45E F5DF 6C0B  

        Unknown (DataRecoveryAgent2(JOE2@CUST.com)

        Certificate thumbprint: FE23 4553 367E B94F 6F42 ED8F E3FB FEC5 C27D B32A

     

     

    The user had the certificate imported to the user’s store:

    Note the thumbprint ( hash )  shows on the file and is the same cert in our store.

     

     

    certutil -store -v -user MY "F456 453E F3E2 876A A435 5633 BF5A F45E F5DF 6C0B"

    ...

      CERT_KEY_PROV_INFO_PROP_ID(2): 

        Key Container = {A1D09078-2F06-48B3-94EC-6DD4589068BC}

     

        Provider = Microsoft Enhanced Cryptographic Provider v1.0

        ProviderType = 1 

        Flags = 0

        KeySpec = 1 

     dbd967c49d609634bf2397ff5ef4c1b7_8e2fe22f-67c1-46eb-8b31-11c519c0cc77

     

    Private key is NOT exportable

    Encryption test passed

     

     

     

    When you see  “Encryption test passed”   displayed by certutil.exe, this means that it successfully encrypted data via the public key and decrypted the data via the private key .

     

    This is typically a good test to determine if you have access to the private key and you can use it.  But, in this case the decryption\recovery was still failing.

     

    Unfortunately, there is no logging in the security subsystem to determine why it was failing the recovery. After a debug  we could see that it was failing in CryptAcquireContext with error 0x80090016  NTE_BAD_KEYSET

     

    MSDN documentation states:

    NTE_BAD_KEYSET( 0x80090016L )

     

    The key container could not be opened. A common cause of this error is that the key container does not exist. To create a key container, call CryptAcquireContext using the CRYPT_NEWKEYSET flag. This error code can also indicate that access to an existing key container is denied. Access rights to the container can be granted by the key set creator by using CryptSetProvParam.

     

    So why was certutil.exe able to encrypt and decrypt using this key?

     

     

    Turns out that certutil.exe uses CryptAcquireCertificatePrivateKey, whereas other code ( the EFS code ) goes to the certificate property, gets the key provider info ( CRYPT_KEY_PROV_INFO ), and calls CryptAcquireContext with the CSP name and key container name.

     

    typedef struct _CRYPT_KEY_PROV_INFO {
      LPWSTR pwszContainerName;
      LPWSTR pwszProvName;
      DWORD dwProvType;
      DWORD dwFlags;
      DWORD cProvParam;
      PCRYPT_KEY_PROV_PARAM rgProvParam;
      DWORD dwKeySpec;
    } CRYPT_KEY_PROV_INFO,
     *PCRYPT_KEY_PROV_INFO;

     

     

    Now, if the CRYPT_KEY_PROV_INFO is incorrect, or the container is incorrect this will fail.

     

    In order to correct this information we ran:

                    certutil -repairstore -user MY "F456 453E F3E2 876A A435 5633 BF5A F45E F5DF 6C0B"

     

    The -repairstore fixed the problem of an incorrect container, and we could then decrypt the files correctly.

     

    Unfortunately, I never did get more information as to why or how we got into this state.. too bad.  If someone runs into this and feels like helping me out – shoot me mail BEFORE you try and fix it like this :)

     

    Thanks!

     

    SpatDSG

    Posted by SpatDSG | 0 Comments