- Hyper-V continued
-
Just wanted to give a brief update on using Hyper-V. I can’t seem to find a reason to not use it. Right now I can run all my different machines, at any time and when needed, and do everything I need to do for work. I can also keep things separated so that I don’t have unnecessary bloat and programs on my machines.
The other thing that I am using a lot of is being able to Terminal Server directory to the VM’s. Sound wasn’t working for me using the standard way of connecting. So I just remoted in, and now sound works great. And since it is so close by, even video doesn’t seem choppy to me through Terminal Server.
I still stand by my statements earlier about what Hyper-V is good for, Hyper-V part 2, but I am finding less and less reason to not use it.
The other really important thing to keep in mind. I am just running a since physical machine. This has a bunch of implications. For example, my small UPS is just find for keeping all these machines up and running (it is one that just can handle a single machine and monitor). Also, it is saving electricity as I just have the one machine running. Before that, I would use 3 and sometimes up to 5 machines at any given time.
I think this is a great solution for most any business situation. It will also allow me to install beta versions of products (Internet Explorer 8 for example) without having to worry about what will happen to my machine. I’m off to go find some new cool Beta or earlier programs to install.
- Do you think about supportability?
-
So I wanted to get a read on how people design their web sites. My thinking is that there isn’t much time spent in planning for supportability. There are a lot of other concerns that take priority, What is more important – Design or Content.
I believe that supportability isn’t the most important piece of a web site, but it should be A part. So my questions are:
- is supportability a component for your team?
- How much do you consider it?
- What do you use to fill this piece?
- How do you prepare for malicious attacks? (including making sure you have enough log information to track them down)
I’d like to hear how people prepare their sites for these problems.
- ASP.NET Tips: DumpAllExceptions output changes
-
The first time you run !DumpAllExceptions you will see it print out one full exception for each type of exception that is in the dump. This will include the message and the callstack of the exception. For example:
Any time after that, if you run the same command, there is a chance that it will print out something different, like:
In this example, you can tell they are different because of the InnerException address. Sometimes it will be more obvious then this.
What is happening here? Well when the list of exceptions is built, the first time through, we will print out one exception that is found in the dump as an example of that type of exception. But the list isn’t sorted yet. When you run it again, we will sort the list and so the one that we pull out to print may be a different one.
This is just meant to give you an idea of what these exceptions may be. If you want to really look into them, you can use the -v switch which will print out all of the exceptions instead of grouping them by exception type.
- ANSWER: POP QUIZ: What are Free Threads in the Threadpool
-
So I was hoping to get some more comments to this before posting the answer but I guess that isn’t going to happen.
The minFreeThreads and minLocalRequestFreeThreads are very important settings when it comes to how much load your webserver can handle. So the whole situation is this.
You can get a good overview of the settings from my post, Hangs and how to solve them - part 2 – Queuing. In there I give the recommended values in the “How to fix queuing” section.
There is a great write up on this here. But to summarize, these control the amount of threads that are available to do work other then aspx requests. So callbacks, timers, web service calls. They all run on the threads “reserved” by this setting. So if you have maxWorkerThreads set to 100 on a single processor machine and minFreeThreads set to 88, that means 12 threads can run aspx requests at the same time and 88 threads are available for web service calls, timers, etc. That last link also has the perfmon counters to monitor to make sure things are running smoothly.
Now for the extra credit, one time you would want to change these is if you make more then one web service call on each aspx page. That is what the settings are geared towards. So if you did, you may want to make more threads available for the web services to run on so that wasn’t causing you a bottleneck.
- Windows Home Server update
-
Monday morning the Windows Home Server Power Pack 1 update package and release notes went live on the Microsoft Download Center. This is great news to anyone that has been using this product.
Power Pack 1 fixes the data corruption bug as well as delivers significant new functionality including:
- x64 support for home computers running Windows Vista
- Home Server Shared Folder backup
- Improved remote access experience
- Improvements to power consumption and performance
- Localization support for Japan and China
This was announced on the HomeServer blog, Power Pack 1 - come and get it!.
Please get this update if you use Windows Home Server and see how it works for you. Hopefully this will keep the product stable for a long time.
- BLOG CHAT RECAP: SQL Injection
-
We had a good chat on Friday and I think we got most, if not all, of the questions answered in regards to SQL Injection.
For those of you that missed the chat, check out the transcript here.
If there is anything that we missed, please feel free to let me know. Hope that everyone enjoyed the chat and we will look at having another one in the future on another topic.
- ASP.NET Tips: Loading a DLL out of the bin directory
-
Question
A customer has created a web project which references a class library project. When deployed to the local machine the web/classes all work fine. When deployed to a ‘shared’ IIS site, the class DLLs exist in the /bin folder, but the web page generates an error:
can’t find file “Documents and settings/….”
when trying to access the class DLL.
Is there a special setup to make the web pages look in its /bin folder?
Answer
There isn’t usually anything needed in order to make this scenario work. But if it isn’t working for you, there are two choices here. If you are in ASP.NET, most likely the cause is that you don’t have the following entry in the machine.config prior to 2.0 and the root web.config file (in the same folder as machine.config) for 2.0 and later:
<compilation>
<assemblies>
<add assembly="*"/>
</assemblies>
</compilation>
The other way to do this, if you aren’t using ASP.NET, is to add the bin directory to your path for the application. The way this is accomplished is with the probing element:
<configuration>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="bin;bin2" />
</assemblyBinding>
</runtime>
</configuration>
This is documented here: <probing> Element
There has been a situation where neither of these worked. We are still researching that situation and I will update this post when we have another solution.
- BLOG CHAT: SQL Injection – Today
-
Just a quick reminder that our blog chat on SQL Injection is today at 2:00 PM EST or 11:00 AM PST. Hope to see everyone there. You can get to the chat here: MSDN Online Chat
Or you can add the Outlook reminder: Add to Calendar
Look forward to talking to everyone.
- Terrarium anyone?
-
Not sure how many people remember the old Terrarium application, but it is making a comeback. This time, as a project for and by the community.
You can get more information on the background and what this application is by reading Reintroducing Terrarium, now with 2.0 goodness! This is also mentioned by the Windows SDK folks on their blog, .NET Terrarium 2.0 source code now available! and Scott has posted Learning Opportunity - .NET Terrarium is back!
As you may have guessed from the title of that last post, this is now a codeplex project meaning you will have access to all the source of the project and be able to help shape the future of it. The first link above has a list of initial updates that they are considering but since it is up there now, who knows where this project will go.
This is a great opportunity to get to look at some very useful .NET code and see how these concepts can be put to use. I invite everyone to take a look and hopefully learn something from it.
If you want to see a sample of how to write a creature and debug in VS, check out Terrarium .NET: Introduction to Creature Development and Debugging Terrarium with the VS IDE but keep in mind, these are 5 years old.
One more side-note, there is now a Public Terrarium Server Available.
- Software Applications, the targets of vulnerabilities
-
I was just reading Soma’s blog post How vulnerable are software applications? and it really makes you think about how and what you create as an application designer. According to a 2005 FBI survey, U.S. businesses lost $67.2 billion because of cyber crime, estimated in 2006 were $49.3 billion.
While these numbers are staggering in themselves, in our June 2007 Microsoft Security Intelligence Report, we see that less then 10% of these vulnerabilities were targeted at the Operating System. All the others were targeted at the application layer.
I would strongly suggest you read through Soma’s post as there are some very valuable pieces of information in it. Including what Microsoft is doing to help fight against this using our Microsoft SDL (Security Development Lifecycle).
The best thing that you can do at this time is make sure you are educated as best as you can on what you can do in your corporation to help fight cyber crime.
There are some great tools online other then the SDL. Here are a few that I have found useful:
- Windows Internal Beta Exam 70-660
-
I wanted to pass along some really exciting news if you haven’t heard about it yet, we are getting ready to release a new certification that targets developers and IT professionals who need to know about the internals of Windows for their job. You can read all about the exam and how to register for it on Windows Internals Beta Exam 70-660.
This is a very exciting exam and it applies to a lot of different people and can be very useful and prove that you know Windows inside out.
- What is more important – Design or Content
-
So I have often wondered about the priorities that are going into site design these days. I know everything is important, but if you had to rank things, what would be the most important thing?
The big debate I see comes down too, is it more important to have a lot of great data. Or is it more important to present that data in a way that leaves the user feeling like wow, that was a cool site?
Both are important, but I think that the design is kind of like a short-term attraction. It will wow them the first time or two, but after that, you really have to have some great data to keep them coming back. And I have been on a number of sites that have terrible layout, but the data is so good, you keep coming back.
I see blogging and RSS and things like that as more proof of this. These things allow data to get out very quickly without the need to really setup the UI and make everything look perfect.
So what do you think? What is more important to you? Here are the things I’d like to hear about…
- Think about what brings you to a new site and makes you want to explore it
- What brings you back to a site you have already been to
- What makes a site one that you want to bookmark
- Are there any common themes with sites you are interested in (no talking about the actual content) like style or design
Thanks, and look forward to hearing what people think.
- Debugging ASP.NET on a Production Server 101
-
So I thought I would put all the information together in one place that I have been creating over the past few months. I’ll try to go through all the steps and the different things that you will need to use in order to track down a problem.
Realizing there is a problem
So the first step is finding out there is some kind of problem in the first place. There are a number of methods that you could use to find this out:
- Visitor of your web site reports a problem
- Review Event logs and see some entries in there regarding an issue
- Monitor Perfmon and see values that are out of acceptable values, like described in ASP.NET and Performance
- Other means (reviewing logged data, receive email, etc)
Determine the problem type
Once you know there is a problem, the next step really depends on what the problem is. It could be something as simple as checking to make sure the network cable is connected properly.
Once you know the type of problem, then you can follow the steps I have laid out to troubleshoot it.
Gather data
The first thing would be to gather the correct data to see what is happening. You can follow this link to see the full list of issue types and how to get the correct data for each, ASP.NET Tips- What to gather to troubleshoot. If you come across a situation that isn’t covered here, please let me know.
There are some other ways to get data, for example, ASP.NET Debugging - ASP.NET Tips- How to use DebugDiag to track down which is for performance problems.
Debugging the issue
So now that we have the data we need, it is time to analyze it. This can be a difficult task depending on the scenario that you are dealing with. There is a lot of documentation around about using SOS and Windbg to troubleshoot things. That is the best means as you can always track down what is happening. For more help on actually tracking down the problem from the data, I would suggest looking at my blog for the particular issue you are having. I have many posts that help with the situations:
If all else fails, you can always look at the Debugging or SOS tags to find a whole lot of information.
Additional Information
So what if you don’t have a problem and just want to learn about these steps and tools? Well, one way would be to read through the various information found here. Another way would be to actually go through some of it. Tess has some great debugging labs around this stuff that you can find here. You may also want to look at her 21 most popular blog posts.
- Unable to use Session State Server
-
Issue
ASP.NET site running under .NET 2.0 has the following setting in web.config:
<sessionState mode="StateServer" stateNetworkTimeout="10"
cookieless="false" timeout="30"/>
When the application attempts to use the session cache, the following exception is thrown:
HttpException (0x80004005): Unable to use session state server because this version of ASP.NET requires session state server version 2.0 or above.
This exception occurs the very first time the session cache is used after the application is published to the server, after IIS is restarted, or after the application pool recycles. Subsequent uses of the session cache after the first exception is thrown do not result in an error. The session cache continues to work properly until the next application re-publish, IIS restart, or application pool recycle.
Cause
ASP.NET State server uses HTTP Requests to manage the session state requests. When sending the response back to the Web application the state server should be including a header":
X-ASPNet-Version: 2.xxxx header
The Session State Server reads this header, and checks to see if the major version is < 2, if so it will throw the exception.
In one case we had with a customer, the header is never being returned. It is never being returned because in the <httpRuntime> Configuration section they had:
enableVersionHeader = “false”.
Now, why did this only happen for the first request? Well, in the very first request to our state server, we check to see if we already know the state server version by comparing to -1. If not, we check the version during the response. While we are checking the version upon response we set the version to 0 which prevents us from checking the version ever again, since it isn’t -1.
- BLOG CHAT: SQL Injection
-
So finally all the details have been worked out. We are going to have this chat on Friday July 18th. At 2:00 PM EST. That is 11:00 AM PST.
Shortly I will have a link where you can add a reminder to your calendar about this chat. It will be handled a little different from the last one. Since I am anticipating a lot of people to want to join this chat, I am going to use the MSDN Online Chat. This is a bit different from the last one, but I don’t think we will have any problems using it. It is a very nice chat interface.
| SQL Injection and What To Do About It
SQL Injection is a rather hot topic currently, this chat is designed to answer the questions people have and help people to avoid the problem. We hope to cover best practices and offer advice to help ease any pain being seen. This is meant to answer as a question/answer chat so please bring your questions to us. Add to Calendar |
I will update this post as soon as I have the link to add this to your calendar. But you can go to the link above and find the chat on the 18th even without the reminder.
Hope to see you there !
