EzDevInfo.com

What causes duplicate ACK records?

We're reviewing Wireshark captures from a few client machines that are showing multiple duplicate ACK records which then triggers retransmit and out-of-sequence packets.

These are shown in the following screen shot. .26 is client and .252 is server.

What causes the duplicate ACK records?

More background if it helps:

We're investigating network throughput concerns at one particular client site. The perceived issue from a user interface perspective is that data is being transmitted slowly despite an underutilized 1gbps WAN connection.

Almost all of the client machines have the same issue, tested at more than 20 machines. We did find two machines that do not have the problem. We're in the process of identifying what is different in their configuration. We did notice that in the two machines that do not have the problem, we only ever saw at most one duplicate ACK record. The machines that have the problem usually have three duplicate ACK records. One notable difference is that the machines that work fine all belong to members of the network operations team and all of other machines are for "regular" employees. The machines are supposed to be standard but the network admins could have made changes on their local systems, which is another aspect we're researching.

We tried changing the TcpMaxDupAcks setting on the server but the value we really need is 5 and the valid range is only 1-3.

Server is Windows Server 2003. Clients are all enterprise managed Windows XP. All clients, including the two working ones, have Symantec anti-virus installed.

This is the only client site out of hundreds that has exhibited this problem.

pathping shows 56ms RTT and consistent 0/100 packet loss even from the problem machines.

Thanks,

Sam

HOSTS file being ignored

My (Windows XP, Professional, v2002, SP3) workstation is completely ignoring my hosts file.

Here is the code in my hosts file:

127.0.0.1       localhost

172.17.1.107    wiki

But, when I open a browser and type "wiki" in the URL bar and hit "Enter" it takes me to the old location of my wiki as it appeared in my old hosts file:

10.0.36.100     wiki

Even though I have renamed the old hosts file "hosts_full" and moved it to my desktop (so, out of the etc folder entirely).

I have so far taken the following steps:

1. Restarted (3 times)
2. Issued "ipconfig /flushdns" from the command line
3. Issued "ping wiki" from the command line (response was "Reply from 10.0.36.100: bytes=32 time=1ms TTL=63")

I've cleared every cache I can think of (IE, FF).

I have an ISA firewall client that runs on my machine and I've tried all of this with it disabled and enabled. In fact, the firewall uses the old hosts file to resolve itself:

10.0.2.126      isa3

And somehow it still works fine even though the new hosts file doesn't contain that line.

Any ideas??? Thanks in advance for the help!

Windows "Run As" without knowing the password

We're installing a digital media system at the college radio station I work at. We're trying to give programmers (read; DJs, not coders) access to the music, without allowing them to copy any of it to their flash drives or transfer it across the Internet.

We're running on Windows systems (Windows XP for the client machines, and Windows Server 2008 for the media server). My idea is this.

• Create a user (ProgramUser) that has no access at all to the digital media.
• Create a user (MediaUser) that has read-only access to the digital media that programmers know nothing about and do not know the password to.
• Have users log in to Windows as ProgramUser, giving them no access at all to the media.
• Run our playback application (Traktor) as the MediaUser, allowing the programmer to play back media but not copy or modify it.

This seems like the perfect solution, but there's one gotcha. If the playback application or machine crashes, the programmer is the only person who will be able to get it running again in a reasonable amount of time (we're a 15 kW FM radio station, so downtime is a big deal). Hence my dilemma...

How can I give the programmer the ability to start our playback application as a user they do not know the password to?

How can I improve my Windows XP start up time?

Windows boot time is pretty good, but it takes forever to get to my desktop once I login. Whats the best way to find out whats happening? I only have 3 items in my Startup folder, but the admins at work seem to have installed like 30 things into my system tray somehow.

One big annoyance is that I have a ~45 second pause after I login but before anything shows up on the screen. During this pause, the hard disk light isn't flashing on my laptop so it feels like nothing is happening which drives me crazy. Is some app trying to connect to the network and hanging? How can I find out?

What would be really cool is some kind of tool that visually mapped out everything thats starting up and which resources its using.

Any suggestions?

Accessing a windows shared folder from Linux?

I am trying to copy a (.html) file from a Windows XP Professional shared folder onto a server running Ubuntu Linux 10.04 LTS.

As it's a shared folder the usual 'wget' doesn't seem to work. I suspect I'm using the wrong address style completely.

I have tried:

1. http://192.168.1.66/SharedFolder/Data.html
2. //192.168.1.66/SharedFolder/Data.html
3. smb://192.168.1.66/SharedFolder/Data.html
4. //192.168.1.66/SharedFolder/Data.html
5. 192.168.1.66/SharedFolder/Data.html

I wondered if this is even possible and if it is, could someone give me some pointers?

I've successfully pinged the Windows box from Ubuntu:

# ping 192.168.1.66
PING 192.168.1.66 (192.168.1.66) 56(84) bytes of data.
64 bytes from 192.168.1.66: icmp_seq=1 ttl=128 time=0.412 ms
64 bytes from 192.168.1.66: icmp_seq=1 ttl=128 time=0.557 ms (DUP!)
64 bytes from 192.168.1.66: icmp_seq=2 ttl=128 time=0.243 ms
64 bytes from 192.168.1.66: icmp_seq=3 ttl=128 time=0.251 ms
64 bytes from 192.168.1.66: icmp_seq=4 ttl=128 time=0.266 ms

and I can access the Windows share from every other computer on the network, however, they are all running Windows XP Professional aswell. I'm not sure if it's a problem between Ubuntu and Windows shares in general or just that my URL style is wrong.

How to lock down Windows XP for use as an internet kiosk?

One of our clients, whose website we built, is a manufacturer of ultra-high-end bicycles. They would like to distribute kiosks -- basically, locked-down Windows XP boxes from Dell -- at some of their higher-profile dealers. The kiosks would be limited to browsing the manufacturer's website. I'm out of my element here, and would appreciate some help and/or good reading material (and/or step-by-step instructions ;-]) on:

• Securing the desktop from casual stupidity. The kiosks are being deployed to high-end cycling boutiques, so given the clientele, malicious attacks will be extremely rare.
• Allowing access to specific web addresses only.
• Restoring a kiosk remotely. Ideally the solution is simple enough for a bicycle salesperson to handle with a minimum of over-the-phone hand-holding.

Finally, I am perfectly open to responses that amount to "you are way over your head here, consult a professional." I argued as much when the job was proposed in the first place, but I was convinced to try taking this on myself before finding someone with more extensive systems administration experience.

What can cause a DNS lookup to ignore a hosts file entry?

I'm having a DNS resolving issue that is affecting the performance of my locally hosted web site when browse it on my local machine. If I attach my network's DNS suffix to my local machine name when I go to the URL in my browser, the site has terrible load times (100+ times slower) than without the DNS suffix.

I thought I could fix this by using my hosts file to avoid the need for a lookup. I added an entry to my hosts file like this

127.0.0.1    myMachine.MyDnsSuffix

But this didn't change the load times, even after a reboot. Although it is not important to resolve this specific problem, I would really like to know why this happens.

Also, when I run nslookup on the domain myMachine.MyDnsSuffix, I notice it uses my network's DNS server to find the IP. Could this be related to my problem or am I just mis-understanding how nslookup works?

How does one make Windows XP auto-reconnect network drives upon reboot?

I have a few network drive mappings that I want to be available to various programs upon reboot. However, they remain disconnected until I visit them manually.

If a program, such as OneNote which reads notes shared on a network drive, tries to connect, it does not see the share and does not cause auto-reconnect.

I am looking for a fully automated solution, preferably just a setting to make Windows natively reconnect on machine boot.

For example, right now drive Y and Z are disconnected and X is connected because I accessed it manually:

Edit: I have to change my question slightly but with quite a significant impact on the answers. The drives are indeed NOT available at logon. They only become reachable after I open an ssh tunnel.

Therefore, the main question is - how do you make applications force the drive alive when they try to access it?

I guess another approach would be to automatically run a script when the tunnel gets established. It's probably my best bet if the above is not possible.

WebDav System Error 67 in Windows XP

Issue: I'm having issues getting WebDav to work in the command line on Windows XP, both Service Pack 2 and Service Pack 3.

C:\>net use z: https://mywebsite.com/software/
System error 67 has occurred.

The network name cannot be found.

I have tested this with two webdav server. Both Ubuntu Apache and I Windows Server 2003 IIS. Both get the same result.

Things That Haven't Worked:

1. I've installed the following Microsoft KB on my XP machines with no avail.

2. I've also found the following reg key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters UseBasicAuth REG_DWORD 1

3. I try the following when trying to use a few work around I've dug up on the web, all producing the same result.

   net use z: https://mywebsite.com/software
   net use z: https://mywebsite.com/software#
   net use z: https://mywebsite.com/software/
   net use z: https://mywebsite.com/software/#
   

4. I've also tried all the above combinations adding a user into it /user:user and /user:user@domain.

5. I've also tried using http:// rather than https://.

6. I've tried "\\server.com@ssl:443\folder"

7. I've gone over networking related issues as @WesleyDavid had pointed out.

Things that do work:

• I can connect to the webdav folder via the URL and with mapping in Network Place, with XP. But the command line doesn't work (I need a drive letter).
• Windows 7 works perfectly with the same command.

My Delemma:

I need this to work with a drive letter. What else can I try to get this working?

Is it possible to disable a scheduled task from the command line in Windows XP?

On my Windows 7 machine I can run something like:

schtasks.exe /Change /TN "MyTaskName" /Disable

But /Disable doesn't seem to be available in Windows XP - is there any way of disabling it from the command line?

How to configure "On-Access Anti-Virus" for a faster boot?

I am in the process of trying to optimize the boot process of our 700 Windows XP workstations, we regularly have complaints about the start-up and login times on site workstations.

Looking at this in two parts, part one using BootVis to monitor and inspect the boot process; part two using Process Monitor to monitor the login process. Using BootVis' "Boot Done" way point as the metric, I utilized a VMWare workstation virtual machine that has been used for about 18 months as a general purpose testing machine (thus fairly typical of on site machines). I used a snapshot to return the Virtual Machine to the initial state before each test.

From the logs and report that BootVis created the most obvious delay was from Sophos Anti-Virus on access scanner, followed at some distance by mrxsmb. I tweaked with the policies for the machine (ensuring I forced Sophos to update twice each time) and came up with the following numbers:

• Scan All Files, On Read: 260 seconds
• Scan All Files, On Write: 160 seconds
• Scan Executables, On Read and On Write: 111 seconds
• Scan Executables, On Read: 99 seconds
• Scan Executables, On Write: 95 seconds
• On-Access Scanning Disabled: 102 seconds

The above tends to suggest that Scanning All Files, On Read is by far the most expensive operation (and probably totally unnecessary). I can't quite comprehend why disabling on-access scanning actually slows down the boot sequence however fractionally fractionally. The final three results are pretty much the same, which means I must use other factors to influence my decision as to selecting Scan Executables, On Read or On Write.

Update:

I did some more tests, on the same virtual machine (at a different time of day, so they can not be compared directly with the above results:

• Sophos Not Installed: 67.4 seconds (average over 5 tests)
• Scan Executables, On Read: 84.5 seconds (average over 5 tests)
• Scan Executables, On Write: 85 seconds (average over 5 tests)

The averaging causes the values for On Read and On Write to converge further, it is interesting to see that using Sophos scan Executable Files only adds a 21% performance overhead over Sophos not being installed.

So what other considerations should I make when configuring On-Access scanning to improve the boot time?

Virtualbox booting from a real drive?

I'm about to take the plunge and install Win7 RC1 on my desktop machine. However I want to preserve access to my old HDD with XP on it. I don't really want to use full dual-boot since that would leave my new Win7 install on the d:\ drive, which it wouldn't otherwise be.

Is it possible to use Virtualbox to boot from that old real drive instead of from an image?

If so, what are the implications for drivers, etc, since the "new" running OS will be using VirtualBox's virtual hardware and not the original hardware on which XP thinks it was installed.

How to tell what computer has a file open on a network share?

Environment:

Windows XP sp3, Windows 2003 server

Problem:

We have several dozen kiosk machines each with the same logon name who occasionally and briefly a file on a share. The rate is several locks and releases a minute.

Recently, we have experienced one of the clients locking a file exclusively, and then not releasing the file. 

We can close the file when this happens, but several minutes or longer elapses, and this is an unacceptable outage.

The unreleased lock issue has happened several times in the last month. I've been looking for which kiosk device is responsible for the locking, and to detect it quickly when it happens.

There appears to be a gap in the information we can get from the server:

We can see from various tools:
-What files are open and locked. (many ways)
-What logon has a specifc file open or locked. (many ways)
-That a particular computer generally has a file open. (Shared folders, sessions mmc)

What we cannot see is that a specific computer has a specific file open and locked.

Anyone know of a way to get to this?

Thanks -

Rob

How do I know if a DLL is registered?

When you are registering a DLL in old machines (Windows XP), regsrv always says that the registration was sucessful. This happens even if the user doesn't have permission to register.

With the name of the dll, is there a command that I can run at the command line to verify if a DLL is installed?

What does the Windows XP EOL/EOS mean for a business and it's domain?

I am hoping someone can explain in simple terms, what it really means that windows XP will be end of life?

It looks like SP2 is already not being patched, but maybe SP3 is going to be patched up until 4/18/2014?

So I assume that means there will be windows update patches available until that date?

What happens after that, no patches at all?

That means the potential for hacks, virus, etc. are greatly increased?