Microsoft Updates Crippling Windows 2003 Servers

The updates bug I described in Windows XP back in October is now also locking up server computers.

I’ve had it with this.  Microsoft has clearly lost control of its security patches.

As of today, I am disabling Automatic Updates across the board; all devices and all versions.  Up-time is more important to me than monthly patches.

Microsoft Updates Crippling Windows XP

Screen shot of the related Neowin article
Check out the comments on this website.

As reported at Neowin, your Windows XP computer may be locked up due to bad updates being sent by Microsoft.  Two of mine were 🙁

The solution, which I found in the comments section of that article, tested, and confirmed on my own computers:

  1. Disable the Automatic Updates service.
  2. Stop the Automatic Updates service (reboot if necessary but do not kill svchost.exe)
  3. Install the correct update from Microsoft.  That link is for computers with IE8 only.  For older versions, check the article I mentioned above.
  4. Reboot the computer.
  5. Reset the Automatic Updates service to automatic and start it. (If you want more updates.)

This is a truly shameful problem for Microsoft’s reputation.

December 7, December 11, More Problems

The subsequent updates released by Microsoft have caused the same problem to occur again.  I’ve updated the link above with the newer patches.

To find newer patches, you have to do a complicated search at the Microsoft Download Center.

Per my latest article about Windows servers, I am now recommending everyone disable the Automatic Updates service on all Windows-based computers.

MySQL Password Errors at BlueHost

Since August 12 (about two weeks now), I was getting this error from the MySQL program mysqldump:

Warning: Using unique option prefix pass instead of password is deprecated and will be removed in a future release. Please use the full name instead.

I’m not sure what changed or what got upgraded, but I was able to track down the problem.  It has nothing to do with command syntax.

In the account directory, which is the one with the account name, one level above public_html, or just “~” on the command line, I found a file named “.my.cnf” with the “pass=” option in it.

To fix the problem, find that file and change “pass=” to “password=”.

I have also forwarded this information to the BlueHost help desk.

Manual Duplex Print in Windows 8

Acrobat print dialog for back sides
Print Back Sides

Among the many problems in Windows 8 is the poor driver support offered by Hewlett Packard.  The drivers are hard to find, do not install correctly if at all, and lack many features compared to older drivers.

HP dropped manual duplex printing support for Windows 8, which means it’s now up to each application to add this functionality.

In Adobe Acrobat, this can be done with some care and attention to detail.

Step 1:  Load Paper Upside Down

When duplex printing manually, some types of laser printers give different results depending which side you print first.  If you print the “front” side first and then the “back” side, you might end up with curled paper.  To avoid or prevent this, you will have to flip the blank paper over and print the “back” side first.

Due to the way paper is manufactured, it always has a grain direction, a concave side, and a convex side.  Usually the grain is in the direction of the longest edge, and the concave side of the ream of paper faces the package seam.  This can be determined by standing the paper on its short edge and watching which way it tends to curve, or by simply experimenting with which side gives the best results.  If you normally print on the concave side of the paper, then that is what I mean by the “front” side.  Printers are normally designed to use the concave side as this prevents the document from going limp in your hand when you hold it from the edge.

Continue reading Manual Duplex Print in Windows 8

Client Certificate Authentication in IIS 6

Client certificates are a cool technology that, once setup, eliminate the need to use your password on your own website from your own devices.

This article wont run through the entire procedure for setting up a web server, Windows domain, file permissions, server certificates, or a certificate authority.  I just want to convey some of the configuration pitfalls that exist in IIS 6.

Step 1: Enable Client Certificate Mapping

The IIS Secure Communciations dialog box
Start with these settings.

Continue reading Client Certificate Authentication in IIS 6

Windows 8 Network Browsing Problems

Screen shot showing the Advanced Sharing Settings area of the Windows 8 control panel.
Check if these are disabled.

Network browsing in Windows has always been a fragile system plagued with bugs and configuration pitfalls.  If you’ve arrived at this page to find a solution, rest assured you are not alone.

I recently encountered a Windows 8 problem where the “Network” folder only showed the local computer and file shares.  When trying the “net view” command, the response was “A remote API error occurred.”  Not at all helpful, is it?  The Windows 2003 domain controller was not experiencing any problems, and the Windows 8 computer showed up normally on the server.

Symptoms Identified December 8, 2013

After struggling with this dysfunctional operating system for seven months without a solution, I found the pattern that would help identify the main problem.

With only Windows XP and Windows 2003 machines on the network, everything works fine.  Computers can see and browse each other without any problems.

With only Windows 8 and Windows 2003 machines on the network, network browsing may or may not work, depending on the Windows 8 network client configuration.

In a mixed environment of Windows XP, Windows 8, and Windows 2003 machines, the Windows 8 machines are sometimes able to browse the network.  However, once the Windows XP machines are shut down, the Windows 8 machines are never able to browse the network.

Once I had all these variables figured out, I came up with a list of settings that are compatible across all versions.

Continue reading Windows 8 Network Browsing Problems

Cloud Calendars

Personal Information Management (PIM) remains one of the most vital uses of personal computing in the 21st century.  Gone are the days of using index cards for addresses and needing to handwrite recurring appointments on calendars.

I recently switched to for appointment management, and I feel it is the best product currently available. It happens to be free, but I’ve also evaluated premium options.

I am now a former Google Calendar user. I was experiencing major synchronization errors in the Google product. Problems came to a head last month when Google announced the discontinuation of the feed aggregator Reader, throwing my calendar updates into chaos. (This might sound unusual, but some of my appointments are delivered to me by an RSS-only service, and I have to use it. I’ve switched to Tiny Tiny RSS to replace Google Reader.)

Here are the features I’m using from

  • Two-way desktop calendar synchronization (using Outlook)
  • Two-way iPad calendar synchronization (using built-in calendar)
  • Mobile web calendar
  • Desktop web calendar

Continue reading Cloud Calendars

PHP Array Assignment and References

This is a quick explanation of some more referencing quirks in PHP.

Let’s say you need to store an array in a specific variable so that another variable can be freed up and overwritten with different information.  [To clarify, this array may be very large and copying it would be detrimental to performance in this particular application. For small arrays, copying and not referencing may be preferable.]

The operation for referencing the array with a new variable is quite simple:

$array_goes_here =& $need_to_free_up_this_var;

The code above will reference the array to prevent PHP from making an unnecessary copy of the whole thing.

Now here’s what you have to avoid:

$need_to_free_up_this_var = array(); /* wrong! */

Continue reading PHP Array Assignment and References

How to Secure iPad VPN with Windows L2TP

VPN diagram showing both Windows and iPad remote clients.
Different protocols for different clients.

Back in August, I mentioned the importance of disabling most versions of PPTP for security reasons, and included my own tutorial for How to Secure a Windows VPN with PEAP.  That solution works great for Windows, but is not compatible with iPads.

Now I will offer a solution that works great for iPad, but may not work on Windows computers.  In addition, I will explain how to get the two solutions to work together securely so that both Windows and iPad computers will be able to connect to a Windows VPN simultaneously without using the insecure versions of PPTP.

The Layer 2 Tunneling Protocol (L2TP) is an obvious choice for the iPad because it is the only supported protocol other than the insecure PPTP option.  On the server side, however, there are some implementation nuances that could easily discourage the use of L2TP.  I took the time to research L2TP in more depth before writing this article, because I felt that a generic recommendation could leave readers totally confused about the security issues involved.  So before delving into a new tutorial, I want to explain two new concepts:  L2TP Pre-Shared Key, and L2TP NAT Traversal.

NAT Traversal could be a major concern for any L2TP implementation, because Microsoft wrote a very technical and rather intimidating knowledge base article called IPSec NAT-T is not recommended for Windows Server 2003 computers that are behind network address translators.  If you’ve seen that article, I want to assure you that the Microsoft recommendation is not relevant here.

A careful reading of the Microsoft recommendation against NAT-T will reveal that the underlying security problem with NAT-T is not a server problem but a client problem.  In other words, Microsoft recommends that Windows XP computers not attempt to use NAT-T to connect to privately-addressed servers.  The Windows 2003 server itself fully supports NAT-T out of the box and doesn’t even need to be configured to use it.  This is perfect for iPad users, because iPad also supports NAT-T out of the box, and this almost eliminates the address translation challenges of using L2TP.

Continue reading How to Secure iPad VPN with Windows L2TP

UPS Replacement and APCUPSD for Windows

After replacing a UPS device, Windows may automatically delete the APCUPSD USB driver.  When the computer boots up, the tray icon status will say “Network Error” and three errors will be logged in the Windows Event Viewer.

To restore APCUPSD to online status, simply re-install the USB driver by following the manual installation instructions.  That information can be found in the program directory.  For example, C:\Program Files\apcupsd\driver\install.txt  In a nutshell, you need to look in the system’s Device Manager.  If there is an item in the Human Interface Devices group named “American Power Conversion USB UPS” then the desired driver is missing.  Right click that item, click “Update driver” and then pick the correct driver.

After restoring the driver, restart the APCUPSD service by using the “Start Apcupsd” shortcut in the Start menu, or by using the Services administrative tool.

Continue reading UPS Replacement and APCUPSD for Windows