Remote Desktop Disconnects Randomly
Update: disabling NIS didn’t fix it.
I deployed SCCM 2012 RTM to our environment last week, after having run the RC successfully for a while. Since then, there have been a number of dropped RDP sessions to our servers. They occur at random intervals, and there are no errors reported in the event logs.
On further investigation, I discovered that the disconnects were occurring at the instant the Forefront Endpoint Protection client updated the Default Antimalware Policy. I’ve turned off the ‘Behavior Monitoring’ and ‘Protection Against Network-Based Exploits’, under the ‘Realtime Protection’ tab. Things appear to be stabilizing.
I suspect that it is the protection against network-based exploits feature (which uses the Network Inspection System) that is causing this. It’s caused me grief in the past with Forefront TMG, and doesn’t appear to be that much better in SCEP.
SCVMM 2012 RC Console Crashing Repeatedly
I encountered an issue with SCVMM 2012 RC console crashing repeatedly. After further investigation, I discovered that it had previously been configured to point to an RC install of SCOM 2012. This install had been replaced with an RTM version, and no longer had the VMM connection details on the SCOM server. Changing the VMM server hosts file to point the SCOM name to itself allowed me to open the console to reconfigure.
SCCM 2012 Failed to Create Machine Certificate
If you, like me, have been attempting to get SCCM 2012 installed in your lab environment, you may have encountered the error ‘Failed to create machine certificate’, and been unable to proceed. In my case, I was attempting to install against a default install of SQL 2012. SQL 2012 defaults to creating local ‘Network Service’ accounts for each of the SQL service accounts. Changing the MSSQLSERVER service to run as a domain account resolved the error.
UI, Cloud, and Ecosystems
I’ve been absolutely fascinated over the last few months with the developing cohesion of the respective Apple and Microsoft ecosystems. On the one hand, Apple is attempting to unify their user experiences across their mobile and desktop platforms via cloud services and UI interaction models. On the other hand, Microsoft is unifying their user interfaces across mobile, desktop, gaming, online services, and server platforms, and unifying the settings in each device category via cloud services. I’d like to detail my perspective on the design path for each ecosystem.
Apple
With the introduction of iOS, Apple unveiled a brand new UI model. Many pundits have theorized over the last few years about Apple unifying the two platforms, similarly to how Microsoft has attempted to sell ‘Windows everywhere’.
While I’ve always admired Apple for their tightly integrated user experiences inside OS X, and the tightly integrated user experience inside iOS, the two platforms seemed very distinct and separate over the last few years. By rights, they are two very different platforms, with very different interaction models.
Apple made its first real attempt to unify the available services across the platforms with MobileMe, a less than stellar ‘cloud’ service intended to unify communications content across the platform, as well as provide hosted media sharing services. The service failed miserably, and Apple moved on.
Over the last year or so, with the introduction of iOS 5 and OS X Lion, Apple has positioned iCloud as a unified content service, bundled with any new Mac or iOS device. Developers can plug their OS X apps and iOS apps in, and expect the same content to be accessible (streamed or synced locally) on any device the user is signed into. There is also a limited cloud front end for some of Apple’s own apps, but I suspect that in a year or two we may see the iCloud front end open up to developers, and enable users to sign into a web portal to access their content.
In addition to unifying the accessible content across their platforms, Apple has also been unifying design elements across their platforms. The latest versions of OS X Lion and OS X Mountain Lion borrow design elements heavily from iOS. However, while certain design elements are heavily borrowed, OS X remains oriented toward keyboard/trackpad usage, and iOS remains heavily oriented toward direct touch interaction. They look visually similar, enough to put a new user coming from the other platform at ease, while still maintaining their respective, functional interaction optimizations. Add the user’s content being automatically available via iCloud, and a new user will feel right at home.
Microsoft
Microsoft has lagged behind in the mobile market over the last few years, having gone back to the drawing board after the success of iOS. With the introduction of Windows Phone 7 however, Microsoft unveiled an innovative new design language now called ‘Metro’, optimized for touch interaction.
Windows Phone 7, while not a mass-market share success, was well received and praised by critics for the UI. While very different from iOS, it was unique, very fluid, and felt very natural very quickly. Unfortunately however, it entered the smartphone market very late in the game, and was forced to compete with iOS and the various Android copies/competition.
This past year however, Microsoft began to implement the Metro design language across its platforms. The Xbox 360 saw the Kinect add-on and a firmware update, which changed the console UI to a virtual-touch UI model. Windows 8, client and server, were unveiled with dramatically changed UIs. Gone is the old Start menu, replaced with a very in-your-face fullscreen Metro Start menu. Leaked screenshots of Office 15 also appear to signal a shift inside the Office applications toward Metro. Microsoft has also been pushing developers very strongly to shift toward the Metro design language.
Microsoft has been positioning Windows with Metro UI as a single operating system and UI across their devices. Using Windows Live ID, users have their desktop settings synced from desktop to desktop, Xbox to Xbox, tablet to tablet, smartphone to smartphone, and so on. Content optionally can be synced via the Windows Live Skydrive, and is accessible through a web interface, while Office documents can be modified via Office Web Apps.
‘Windows everywhere’ means that a user will see the same UI across desktop and mobile, and have the same settings for their type of platform (gaming, mobile/desktop, smartphone), no matter where they sign in. This provides a consistent user interface across the Microsoft ecosystem. The issue with this approach however, is that the design of Metro UI is not really suited toward keyboard/mouse, but toward direct touch interaction. In addition, users accustomed to the interaction model from the last 10 years of Windows are now being forced to transition to a UI model that is not even tailored for their mode of interaction.
Summary
In summary, each approach is very similar, yet subtly and fundamentally different. Apple has opted for having the user’s content accessible to them everywhere, while interacting with that content through different, albeit similar, design interfaces on different device types. Microsoft on the other hand, has opted for the route of universally consistent UI interaction, and consistent settings within the individual device types, while optionally making content accessible across devices.
Misconceptions Regarding Android’s ‘Open’ness
I’ve wanted to write a post for some time now regarding the ‘open’ness of Android. Every time an Android user tells me about how their device is better because it is open, no one has been able to show me how that makes it a better OS than its competitors. The only people who tend to care about ‘open’ are the ones looking for a utilitarian benefit: the tinkerers/programmers who want to code functionality into something, and businesses looking to save money. Consequently, little care or thought is given to the user experience. Programmers by their nature generally have no interest in the user experience of their application. Fortunately, UI guidelines/requirements in a closed model force programmers to think about how their application is being used, or wanted to be used. There is no such driving factor in an ‘open’ model, and consequently, they generally fall back to modelling their application after UI/UX work done by others. There is also no real governance (by principle) of an ‘open’ model, and therefore little financial incentive to research and develop UI/UX. This is why ‘Open’ will never lead in UI/UX development, and will always tend to copy the look and feel of other proprietary software on the market.
This is also why Open Source has done so well on the server side. There is almost no need for UI/UX, but the breadth of functionality available, and the ability to create new functionality, is very advantageous to businesses and users looking for low cost server functionality.
I’ve written three points regarding the openness of Android, along with supporting information.
‘Open’ does not mean what you think it means
- Google gives early, priority access to select partners. [1] This is hardly ‘open’ in nature.
- Google buys partners. This is done merely to get access to patents to use as a defense in litigation, and it is also hardly fair to other device manufacturers.
- Google takes an average of 100 days to open source Android code. [2] The point of the ‘open’ principle is to allow everyone to contribute to the same set of code.
- Android is encumbered by patent lawsuits. More than half of Android OEMs have signed patent license agreements with Microsoft [3], and Samsung has well-publicized patent lawsuits from Apple. Google steals hard work and ideas from other companies, makes it ‘open’ (not free), and considers themselves justified. If you don’t like the patent rules, work to change the system, don’t abuse it. Play by the rules while working to change them.
- Slavish copying of the iPhone by Android manufacturers. See here [4] and here [5].
- Carriers block versions of Android if they choose [6]. This is one of the flaws (features, depending how you look at it) of the Android model. Every carrier can customize and distribute Android as they see fit. Unfortunately, this also means that they can choose to withhold entire versions from their customers if they so choose.
- The idealisms of ‘open’ and ‘free’ are not enough to win. Linux zealots have been claiming for as long as I can remember that ‘this is the year of Linux’, that Open Source will triumph. Yet, the desktop market share of Linux has never gone much above 1% [7]. Idealism is not enough. Just like communism, Open Source promises much in its ideology, but there are many practical matters in life that hinder reaching the ideal. Only the billions of dollars thrown at Android by Google have given it any headway whatsoever.
- Developers live by the profit generated from their code. They will go where the money is. iOS generates 4 times as much return for developers as Android [8], so this leads to more investment in the platform, and better apps for the platform.
‘Open’ does not mean safer
- Android has seen a rise of malware (37% increase last quarter, 1000 detected infections, doubled over the past year). [9] Almost all new mobile malware targets Android. Just because software might be ‘open’, does not mean that exploits are patched and gone.
- CarrierIQ. Precisely because the Android distribution model allows carriers to install their own customizations/bloatware on devices before distributing, nefarious apps like CarrierIQ can be installed and customized to scrape all your data, including text messages and email. So the average customer gets a device that they believe is safer because it’s ‘open’, but the carrier may have already exploited that ‘open’ nature and implemented spyware.
- Viruses are prevalent on Android. Because apps are not vetted, it is free range for coders/hackers to distribute malicious apps. There was a 400% increase in malware Year Over Year in May 2011, and in 2H 2011, another 472% increase. [10]
- I’ve heard arguments that Android has permissions that can be set on a per-app basis, and that this makes the device secure. This model of security however, has been broken, using the very model designed to protect it. [11] It does not make your device secure.
- Another excuse I hear frequently is that the user should make sure that they are installing legitimate apps. No, just no. Respecting a user means taking all that background gunk out of the picture and giving them peace of mind. They should not have to worry about whether the app is safe or not… that is up to the distributor. Users in general are not inclined toward technology, and just want something that works. You don’t ask to see your bus driver’s license every time you get on the bus because you trust the transit commission. Why should a user have to worry about whether the app they’re installing is safe if coming from a primary distributor?
- I also hear the excuse that a user may need to sacrifice security for choice. Again, no. Microsoft and Apple have managed to bring the best of both worlds in a closed model, so this is merely an excuse for selling Android’s ‘open’ness with its security flaws.
- I also hear that if users want security, they should only stick with ‘trustworthy’ sources. This violates the entire principle of ‘open’! A user should not have to go to ‘trustworthy’ sources at the expense of ‘open’, if you are selling to them on the principle of ‘open’!
- A misconception I often hear is that viruses infect iOS and WP7, proven by the jailbreak toolkits. No. Exploits are not viruses, and viruses are not exploits. An exploit is a vulnerability, a virus is something malicious that takes advantage of the vulnerability. Android is the only major smartphone platform invaded by viruses, thanks to its ‘open’ model.
- Carriers distribute updates infrequently. Typically, after 6 months, carriers/OEMs of Android phones no longer distribute updates. [12] This means all those security vulnerabilities that have been discovered are no longer patched. New security enhancements and features in new phones are not available on the old phones. This is because there is too much cost and no incentive to either the carrier or the OEM in the ‘open’ model to distribute updates to their users. Compare this to the iOS and WP7 platforms, where updates are mandatory on WP7, and updates are still being distributed for the latest OS to even 2.5 year old iPhone models.
‘Open’ does not mean better
- As we saw above, ‘open’ systems will always lag behind ‘closed’ systems in areas of design and UI/UX, thanks to the very nature of those developing ‘open’ systems.
- ‘Open’ systems will generally be significantly weaker in security, thanks to the principle of allowing anyone to distribute whatever they want. There is no real safeguard to prevent coders with malicious intent from distributing their wares to unsuspecting users.
- As MG Siegler points out [13], comparing an iOS device to an Android device is a bit like comparing a Mercedes to a Honda. Those who appreciate design and experience will get much more out of the Mercedes, but have difficulty telling someone who only appreciates functionality why.
- Android has poor integration with enterprise services. No native IPsec VPN, and varying Exchange compatibility between OS versions. Thanks to the carriers who choose not to ensure updates to their devices, the support effort required to support Android on an enterprise deployment becomes astronomically larger in comparison to properly governed systems in a closed model.
- There is no official support desk for Android. This is a huge barrier for many enterprises. Sure, there are many forums with coders and hackers to come up with fixes, but how many of them have experience in an enterprise setting, and would be able to resolve issues involving infrastructure beyond the device itself?
- ‘First’ is irrelevant. Arguing that one OS or piece of UI was developed before a competitor is irrelevant when it comes to which is better. Stop sidetracking!
- In general, Android apps are not as polished as iOS or WP7 apps, thanks to reasons I outlined previously. Low-quality apps from more sources is not ‘better choice’ than high-quality apps from a single source.
- ‘More Choice’ does not necessarily attract a customer. Simple is often better, and when you look at the lineup of iOS phones (4 phones) vs the hundreds of phones from other vendors, a user will often pick from a simple, easy to understand lineup. A very interesting study on this here. [14]
- Feature phones do not equal smartphones. Stripping down Android as a base OS for cheap/free phones that provide basic phone service with a few extra features increases market share. However, this increased market share does not make Android a better smartphone OS, as it’s no longer a smartphone. It merely speaks to the flexibility of Android.
- Being able to install Flash because it’s ‘open’ does not make it better. Mobile Flash has proven to be a battery and performance killer on every platform. Installing a now-deprecated [15] battery and performance killer does not make the platform better.
- ‘Open’ software does not mean able to change your battery. This is something that is at the discretion of the manufacturer. Some will choose to make it user-serviceable, others will not. The only thing that really matters in this scenario is the cost and downtime to fix it.
- ‘Open’ does not mean better quality of code. Firefox for example, is incredibly bloated on the Mac OS, and runs poorly. It also has hit the 32-bit limitation for compiling. [16] Open does not mean better code or coding practices.
[1] http://fosspatents.blogspot.com/2011/09/shocker-for-android-oems-google.html
[2] http://www.phonearena.com/news/Android-ranked-the-most-closed-open-source-project-heres-why_id24671?ratelimit=5&sort=threaded
[3] http://fosspatents.blogspot.com/2011/09/samsung-takes-android-patent-license.html
[4] www.reddit.com/tb/kr14a
[5] http://www.cultofmac.com/137752/samsung-is-now-shamelessly-ripping-off-the-design-of-the-4-years-old-iphone-3g-photo/
[6] http://mediapost.com/publications/article/164172/verizon-accused-of-violating-license-by-blocking-g.html
[7] http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=9&qpcustomb=0&d=2011-10
[8] http://techcrunch.com/2011/12/13/android-24-percent-ios/
[9] http://www.linuxfordevices.com/c/a/News/McAfee-3Q-2011-malware-report
[10] http://www.dailymail.co.uk/sciencetech/article-2064686/Google-Anti-virus-apps-infected-Androids-charlatans-scammers.html
[11] http://viaforensics.com/security/nopermission-android-app-remote-shell.html
[12] http://techcrunch.com/2011/10/27/charted-android-fragmentation/
[13] http://techcrunch.com/2011/12/14/iphone-galaxy-nexus-review/
[14] http://www.minimallyminimal.com/journal/2011/11/16/coffee-time-market-share-vs-profit.html
[15] http://www.wired.com/gadgetlab/2011/11/adobe-kills-mobile-flash/
[16] http://www.ghacks.net/2011/12/13/firefox-suffers-middle-ages-bloat/
SharePoint 2010 UPS/FIM Error
Stumbled across an interesting issue the other day while provisioning a brand new SharePoint 2010 SP1 install on a fully patched Windows Server 2008 R2 box. Every time we tried to run User Profile Sync, it would fail with the error below being registered in the FIM console.
(Screenshot from the original post: extension-dll-exception error in the FIM console)
Cause
Figured out that the error is happening because .NET Framework 4 is installed and FIM attempts to load .NET 4 instead of .NET Framework 2. This is a new issue that appeared with the June 2011 CU for SharePoint 2010, and unbeknownst to us, the June CU was re-released to fix it. We were still using the original June CU.
Resolution
This issue can be fixed by either installing the latest version of June CU, or by following the steps below.
- Open C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe.config for editing.
- Locate the below section:
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <supportedRuntime version="v4.0.30319"></supportedRuntime>
    <supportedRuntime version="v2.0.50727"></supportedRuntime>
  </startup>
- Delete or comment out the reference to the .NET v4 version, like this:
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <!-- <supportedRuntime version="v4.0.30319"></supportedRuntime> -->
    <supportedRuntime version="v2.0.50727"></supportedRuntime>
  </startup>
or
  <startup useLegacyV2RuntimeActivationPolicy="true">
    <supportedRuntime version="v2.0.50727"></supportedRuntime>
  </startup>
- Restart the two FIM services in the services console.
- Run the sync again.
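The same edit, automated in PowerShell, as an added example that is not part of the original post. It backs up miiserver.exe.config, removes the v4 <supportedRuntime> entry (the CLR honours supportedRuntime elements in order, so with v4 listed first FIM binds to .NET 4; with only v2 left it binds to .NET 2), verifies that the v2 entry is still present before touching any service, then restarts the two FIM services. Assumptions: the config path is the default one from the post, and FIMSynchronizationService / FIMService are the service names of the two SharePoint 2010 FIM services.

```powershell
# Added example, not from the original post: remove the .NET v4 runtime entry from
# miiserver.exe.config so FIM loads the v2 CLR, then restart the FIM services.
# Assumed: default install path from the post; FIMSynchronizationService and FIMService
# as the names of the two SharePoint 2010 FIM services.
$configPath = 'C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\Bin\miiserver.exe.config'
$backupPath = "$configPath.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

if (-not (Test-Path -LiteralPath $configPath)) {
    throw "Config file not found: $configPath"
}

# Keep a timestamped copy so the change can be reverted if sync still fails.
Copy-Item -LiteralPath $configPath -Destination $backupPath

$config = New-Object System.Xml.XmlDocument
$config.PreserveWhitespace = $true
$config.Load($configPath)

$startup = $config.SelectSingleNode('/configuration/startup')
if ($null -eq $startup) { throw "No <startup> element found in $configPath; nothing to change." }

# Select only v4.x runtime entries; the v2.0.50727 entry must stay.
$v4Nodes = @($startup.SelectNodes("supportedRuntime[starts-with(@version,'v4.')]"))
if ($v4Nodes.Count -eq 0) {
    Write-Host 'No .NET v4 supportedRuntime entry present; config already correct.'
} else {
    foreach ($node in $v4Nodes) {
        [void]$startup.RemoveChild($node)
        Write-Host "Removed supportedRuntime version=$($node.GetAttribute('version'))"
    }
    $config.Save($configPath)
    Write-Host "Saved $configPath (backup at $backupPath)"
}

# Sanity check before restarting anything: v2 must be the runtime that remains.
$remaining = @($startup.SelectNodes('supportedRuntime') | ForEach-Object { $_.GetAttribute('version') })
if ($remaining -notcontains 'v2.0.50727') {
    throw "Expected v2.0.50727 to remain but found: $($remaining -join ', '). Restore from $backupPath."
}

# Restart the two FIM services (assumed service names) so the new config is picked up.
foreach ($svc in 'FIMSynchronizationService', 'FIMService') {
    Restart-Service -Name $svc -Force -ErrorAction Stop
    Write-Host "$svc restarted."
}
```

Run it from an elevated PowerShell prompt on the sync server; it is safe to re-run, since a config that already lacks the v4 entry is left unchanged and only the services are restarted.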
Configuring SP2010 User Profile Sync Connections
Stumbled across an interesting issue/fix the other day. We have a SharePoint 2010 RTM development farm that gives us grief every once in a while during reconfiguration of User Profile Sync. When trying to connect to AD during initial configuration, it would sometimes time out and throw an error, and other times return the query right away. I discovered that after importing the root CA’s certificate into the Trust Centre, the LDAP queries to our Server 2008 R2 DC would return right away. I checked all the GPOs, and none of them were misconfigured in regards to LDAP signing requirements. Perhaps this is an error in SP2010 RTM that has been fixed in a later version of SharePoint? I will have to do some testing with our SP2010 SP1 farm.