Archive for April, 2010

Setting IP addresses on a UAG DirectAccess Server

2010-Apr-30 3 comments
NOTE:
I have written a much more comprehensive guide on UAG DirectAccess that you can find on my Concurrency Blog. This particular article has also been updated and can be found there as Part 1 of the series.

DirectAccess is pretty cool stuff, but getting started with it might send your head spinning if you haven’t done it before. One of the first things you need to do before configuring DirectAccess is to correctly set up the IP addresses of your server.

I will assume you are not using IPv6 for anything else right now. This TechNet article is a good starting point.

Your UAG server will act as an entry point into your network from the outside Internet, so you need two network interfaces. One will be connected to your network (AKA Internal NIC or Inside Interface) and the other will be connected to the Internet or perhaps to your DMZ (AKA External NIC or Outside Interface). Here are a few things to focus on when setting up your IP addresses.

Remove the gateway from the Internal NIC

The Gateway needs to be set on the External NIC so that all traffic that is not bound for something within your Windows Domain is treated as “External” and gets routed through its outside interface (its own internet connection).

Add Static Routes for any private subnets to the Internal NIC

Because the External NIC gets the gateway setting, the Internal NIC should NOT have a default gateway. But what if you have multiple subnets or VLANs in your domain? Without a gateway on the Internal NIC, your server will not be able to talk outside of its own subnet. You fix that by defining persistent static routes on the Internal NIC. Any traffic destined for an IP within the range of a defined route will traverse your Internal NIC and anything else will go through the default gateway (aka default route).

I like to get the list of Subnets as shown in the AD Sites and Services MMC and then run the command below for each one. NOTE: In slash notation a /16 is 255.255.0.0 and /24 is 255.255.255.0. All routes get “metric 1” and -p makes it persistent.

> route add [NETWORK] mask [SUBNET] [GATEWAY] metric 1 -p

So if your UAG server has an internal IPv4 address of 192.168.1.50 and uses 192.168.1.1 as its gateway, but you also have a 10.10.0.0 network, you would add it like this:

> route add 10.10.0.0 mask 255.255.0.0 192.168.1.1 metric 1 -p

Set the IPv6 Address to the HEX of your IPv4 address

If your network is 100% IPv4, meaning all your IP addresses are the traditional “dotted quad” a.b.c.d style, then you do not have any IPv6 addresses to worry about and it means you will be using ISATAP (see here). This seems to be the most common scenario (this TechNet article calls it “Scenario #3” actually). That scenario also states that you will not need to assign an IPv6 address.

However, you must leave IPv6 enabled, and that leaves it seeking out a DHCP server, so I still like to assign an address. The confusing bit is how do you know what IPv6 address to use? The quick way is to sort of convert your IPv4 address and you can do that using the converter at SubnetOnline. You want to know how it works? You take your IPv4 address and convert each octet into its hexadecimal value (here’s a tool for that). Then combine those values with a prefix of fe80::5efe. For example, let’s use 192.168.1.50.

So 192.168.1.50 becomes fe80:0000:0000:0000:0000:5efe:c0a8:0132. An IPv6 address is made up of eight groups of four hexadecimal digits separated by colons. This consistent structure allows some tricks to be used in order to reduce the length of an IPv6 address for us humans to read. It’s called shorthand notation when you eliminate all leading 0’s in each group and completely omit groups that are all 0’s (a single run of consecutive all-zero groups is written as ::). So fe80:0000:0000:0000:0000:5efe:c0a8:0132 becomes fe80::5efe:c0a8:132 but means exactly the same thing. You can read more about IPv6 notation at IPv6.com and about ISATAP on Wikipedia.
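The two calculations described above (the netmask for each static route and the hex form of the IPv4 address) can be scripted. This is an added example, not part of the original post: the function names are hypothetical, and the /24 prefix on the Internal NIC is an assumption, since the post does not state it.

```python
import ipaddress

# fe80:0000:0000:0000:0000:5efe:0000:0000, the link-local ISATAP prefix used above
ISATAP_PREFIX = 0xFE80_0000_0000_0000_0000_5EFE << 32


def isatap_link_local(ipv4):
    """Embed a private IPv4 address in the low 32 bits of fe80::5efe:0:0."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_private:
        # The fe80::5efe form applies to private addresses such as the Internal NIC's.
        raise ValueError(f"{v4} is not a private IPv4 address")
    return ipaddress.IPv6Address(ISATAP_PREFIX | int(v4))


def route_commands(internal_ip, prefix_len, gateway, ad_subnets):
    """Build one persistent 'route add' line per AD subnet that is not on-link."""
    local = ipaddress.IPv4Interface(f"{internal_ip}/{prefix_len}").network
    gw = ipaddress.IPv4Address(gateway)
    if gw not in local:
        raise ValueError("gateway must sit on the Internal NIC's own subnet")
    commands = []
    for cidr in ad_subnets:
        net = ipaddress.IPv4Network(cidr)  # rejects entries with host bits set
        if net.prefixlen == 0:
            raise ValueError("0.0.0.0/0 would act as a second default gateway")
        if net.subnet_of(local):
            continue  # already reachable directly from the Internal NIC
        commands.append(
            f"route add {net.network_address} mask {net.netmask} {gw} metric 1 -p"
        )
    return commands


if __name__ == "__main__":
    # Constructed input matching the addresses used in the post.
    addr = isatap_link_local("192.168.1.50")
    print(addr.exploded)    # full eight-group form
    print(addr.compressed)  # shorthand form
    subnets = ["192.168.1.0/24", "10.10.0.0/16"]
    for line in route_commands("192.168.1.50", 24, "192.168.1.1", subnets):
        print(line)
```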

No DNS on the External NIC

Make sure the Internal Interface is the only one configured with DNS servers and do not register the external interface with DNS. Also, uncheck File and Printer Sharing for Microsoft Networks, uncheck Client for Microsoft Networks, and from the advanced settings you should uncheck NetBIOS over TCP/IP.

Change Binding Order

I am not sure this makes much of a difference really, but while troubleshooting another issue with Microsoft, they had me change the binding order under the Advanced Settings of the Network Connections Control Panel. Just hit Alt to bring up the Advanced menu, select Advanced settings and then move the Internal NIC to the top of the list.

Once you have this done, the last thing you need to do (or perhaps first thing you should have done) is to make sure the NICs are actually attached to the correct network. Ensure that the routing on your switches and gateways is set up correctly and if you’re using a VM that your virtual networks are configured correctly to allow access to the two network segments.

Now you can move on to actually configuring DirectAccess itself.

Note: Jason Jones, a Forefront MVP, also has a good post on this topic.

Categories: DirectAccess, UAG

BITS and SCCM Software Updates

2010-Apr-21 1 comment

Recently I had an SCCM client with several errors related to WSUS 6703 saying something to the effect of “License agreement not ready” or “Failed to sync some of the updates”. After making sure that the WSUS server was set to save the update files locally and the various folders had the correct permissions, I started looking into some of the other log files.

Now I should segue for a moment here and suggest, strongly, that you use the Trace32 utility which is part of the System Center Configuration Manager 2007 Toolkit. It will add years to your life. Honest.

Looking at C:\Program Files\Update Services\LogFiles\SoftwareDistribution.log I saw errors like this:
Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.

Here’s a good KB article on that topic.

I wanted to test this outside the context of SCCM, so I dug around a bit until I discovered BITSAdmin.exe. This awesome app is baked right into Vista, Windows 7 and Windows Server 2008 so there is nothing to install, just run it. And it’s easy too:

> BITSAdmin /TRANSFER test http://somesite.com/path/to/file.exe d:\download\file.exe

When it’s working it looks like this:

When it’s not, you might see something like this:

In the end, the fix was to modify the client’s Fortigate firewall and re-run the Update Sync (twice) and then the errors were gone.
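The Range requirement named in the log message can also be checked without BITS at all. This is an added example, not part of the original post: it sends a one-byte Range request along the same network path and reports whether the reply is a 206 partial response; the function names are hypothetical.

```python
import http.client
import sys
from urllib.parse import urlsplit


def classify_range_response(status, headers):
    """Interpret the reply to 'Range: bytes=0-0'. headers: dict with lowercase keys."""
    content_range = headers.get("content-range", "")
    if status == 206 and content_range.startswith("bytes 0-0/"):
        return True, "206 with Content-Range: Range requests are honoured"
    if status == 206:
        return False, "206 without a usable Content-Range header"
    if status == 200:
        return False, "200 full body: the server or a device in the path ignored Range"
    return False, f"unexpected status {status}"


def probe(url, timeout=10):
    """Request only the first byte of url and classify the answer."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    try:
        conn.request("GET", target, headers={"Range": "bytes=0-0"})
        resp = conn.getresponse()
        headers = {name.lower(): value for name, value in resp.getheaders()}
        return classify_range_response(resp.status, headers)
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python range_probe.py <URL of an update file>
    ok, reason = probe(sys.argv[1])
    print(("PASS: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

Running it once from the affected client and once from a machine that bypasses the firewall shows which side of the path drops the header.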

Video Playlist in MediaCenter

2010-Apr-05 3 comments

I have a couple videos that would be really nice to have in a Playlist for use in Windows MediaCenter. For example, I have some cartoons that are really short and I just want to play them all back to back. Also, my wife has some exercise videos that can be played in different orders depending on the intensity of workout she wants to do. Rather than remembering which videos go in which order, she just wants to select the set for that day and get to sweatin’! There is a mechanism built into MediaCenter for building playlists for music, but how do you do this for videos? It’s simple, and you already have the tools to do it.

You start out by making a playlist in Windows Media Player (NOT Center). Just open Media Player and select “Playlists” on the left side. Now you can drag the video files into the right column where it says “Drag items here” in bold. You can drag files from within Media Player or from Windows Explorer if you like.

Once you have your playlist set the way you want, click the small “List Options” button in the upper right corner and select “Save List as…”

When saving the playlist, make sure you select “Any Playlist” as the type and change the file extension to “.ASX”. This is required since MediaCenter, for whatever reason, does not understand any other kind of playlist.

You can put this file wherever you want, but you probably want to put it someplace that MediaCenter can find it. Your Videos library is a good place to start.

In my case, I did not get a thumbnail, and it doesn’t show how long the playlist is, but it does play the videos one after the other.

Advanced tip: You can edit the .asx files in a text editor like Notepad and change some settings manually. One thing I like to do is adjust the path to my video files so they are relative to the location of my playlist as opposed to absolute paths. This lets me move my videos and playlists or read them from different computers and they still work.

If you think this process is a little too manual or “hackish”, there is a utility out there called “Windows 7 Media Playlist Creator” written by mbcrump that looks pretty straightforward to use, but I haven’t tried it so I can’t really vouch for it.

Categories: MediaCenter