Monday 29 September 2008

Microsoft Program Compatibility Assistant

I was working my through some our compatibility checks this morning when I realized that it had been a few months since I last read the Vista Application Compatibility cookbook. This is a rich-text of application compatibility resources and every once in a while, it's worth a re-read.

One section caught my eye - the Program Compatibility Assistant, which is part of the Vista OS and monitors how applications install and how application behave in a run-time environment. 

In Microsoft's own words; 

"The Program Compatibility Assistant (PCA) is a new feature in Windows Vista® and Windows Server® 2008 that can make older programs that have compatibility problems work better in an automated manner. PCA monitors programs for known issues. If an issue is detected, PCA notifies the user of the problem and offers to apply solutions that will be effective before the user runs the program the next time."

There are a number of features to the PCA including;

  • Detecting Failures in Setup Programs
  • Detecting Program Failures under UAC
  • Detecting Program Failures While Trying to Launch Installers
  • Detecting Installers That Need to Be Run as Administrator
  • Detecting Legacy Control Panels That Might Need to Run as Administrator
  • Detecting Program Failures Due to Deprecated Windows Components
  • Detecting Unsigned Drivers on 64-Bit Platforms


I had a pretty good handle on the installation, legacy control panel issues, administrator requirement scenarios and the 64-bit driver installation issues but the Deprecated components area needed some more research.

I have seen the PCA pop-up dialog boxes a number of times, most commonly to advise the user that the application in question required access to a DLL that is no longer available on Windows Vista; a prime example is an application having a dependency on MSVBM50.DLL.

This got me thinking; What algorithm is the PCA using to determine a missing/deprecated component?

Is it;

1) Comparing missing dependencies against a list known missing DLL's?
- If so, are these files documented somewhere?
2) Hooking in the EXE loader (NT.DLL) and logging all failed loads

My thinking is that this is a bit reactive. We should be able to, prior to deployment be able to determine  which applications will experience runtime PCA issues relating to deprecated components.


I suggest the following analysis. Each package should have all of its dependencies  listed for each file contained in the target application package against;

- The target operating system
- All deployed middleware
- What files are contained within the package
Remember, this not about Vista compatibility, but about your build of Vista , your middleware in your environment and your packages.



References:



Friday 26 September 2008

Adobe Reader - Redirection Blues

This week I had the pleasure of working with some of the Microsoft Premier Field Engineers (PFE's)  in an effort to further understand some of the application compatibility issues that might occur when sequencing for Microsoft App-V (formerly SoftGrid).

Quickly, the topic turned to compatibility issues surrounding Folder Redirection as this appeared to pose a serious compatibility problem for Adobe.   

A quick scan of the web, raised a number of forum posting where numerous IT  personnel could not get Acrobat or Reader 9 deployed to C# debugging and "file not found" issues.

For a few samples look here:


It looks like there were some pretty drastic solution paths explored here, especially for Citrix deployments. Yikes... I am really glad that I don't have to do this stuff anymore...


Before I dive too deep into the Adobe deployment problems, let's have a little introduction to Microsoft's Folder Redirection . 

The idea of re-directing user local data folders onto the network was introduced with Windows XP and is defined as, "the automated re-routing of I/O (operations) from local standard folders to use a different, storage elsewhere on the network". Translated, this means that some standard user folders (i.e. My Pictures, My Documents) are redirected to store your files on a network server.  This greatly increases the chances that your files (and Pictures) will get backed up in the laptop being nicked or knackered.



Windows Vista uses folder re-direction on the following directories; Contacts, Desktop,  Documents, Downloads,  Favorites,  Music, Videos, Pictures, Searches,  AppData, Links, Saved Games.  

I have included a sample screen-shot of a Vista re-directory folder structure for your amusement.



If your browser has a spell checker AppData would appear with a red underline, which is appropriate as the AppData folder is one which caused us and to my great surprise, Adobe quite a lot of trouble.

Through our trouble-shooting exercise it became Adobe Reader and Acrobat 9 were attempting to write user specific data to the AppData folder. This is fine and according to the Microsoft logo application development specifications, this is OK.

So, in an enterprise environment, a user will logon to their desktop or laptop and if their IT department has done their job,  the AppData folder will be redirected to something like;  \\servername\region\department\username\AppData

And, here is the big issue. As folder re-direction takes place prior to logon- the user will not have any mapped drives. So, the fully qualified path to the final resting place on the target server for AppData will be a UNC path. 

Hint: It will be a UNC path.

As you can probably guess where I am going here; 

Adobe Acrobat 9 and Adobe Reader can not store their AppData files onto a UNC path. After a little debugging through their code, it appears that there is a failure to "read from left to right" and correctly parse the full path.

Hence, the file not found, app crashes and C# debugger errors that present themselves to users upon application start-up.

So, I did little more digging and loading Flash and version 6,7  and 8 of Adobe Reader. All of these packages use the redirected folder "AppData" in the same way - and I am sure that they will experience the same issue.

I will write more on the Adobe issues next week. And, there will be plenty to write about as it looks like there are over 400 application level conflicts between Adobe Reader 9 and Acrobat 9.

References:

Folder Redirection has a brief mention here: http://en.wikipedia.org/wiki/Folder_redirection 





Wednesday 24 September 2008

Windows Server 2008 GPO ADMX Files Released

An associate (ex-softie) alerted me to the release of the Windows Server 2008 Group Policy Administrator pack this morning. 

These Active Directory Group Policy packs contain all of the registry settings required to manage Windows 2008 servers through Microsoft's Active Directory.  Effectively, these Administrator packs include all of the configuration information require to set and maintain your server preferences and security settings

These GPO Administrative  template files in Windows Server 2008 and Windows Vista are text based and divided into ADMX (language-neutral) and ADML (language-specific) files. ADML files are XML-based ADM language files that are stored in a language-specific folder. By default, the %Systemroot%\PolicyDefinitions folder on a local computer stores all ADMX files, and ADML files for all languages that are enabled on the computer.

These files are an important requisite tool for understanding how to deploy and manage Windows Server 2008 and can be found here; 

To find out more about managing Windows 2008 servers through Active Directory and GPO settings, you can refer to the following Microsoft documentation;

Microsoft Group Policy Preferences: Getting Started Guide

Best Practices for Authoring ADMX Files

If you are like me, you may find these packs hard to read, especially if you are looking for specific registry settings as a deployment or debugging effort.  Therefore, you may find the Microsoft Excel format (XLS) more helpful. This Excel file clearly lists all of the registry settings required for configuring your Windows 2008 server and can be found here:

Group Policy Settings Reference for Windows Server 2008 and Windows Vista SP1



Monday 22 September 2008

SQL Server 2008 - Oh, bother

I can't believe that I am writing this blog entry on SQL Server.  I am not a hard-core Db guy, more of one of those engineering types who looks on the Database Administrators  with some scepticism and occasional bouts of devout worship when I am really in trouble with some deep, dark and scary SQL query.

I wanted to comment on a few things that seem to break when moving from SQL Server 2005  to SQL Server 2008. I was really surprised to discover that the latest version of Microsoft's SQL Server (2008) breaks some applications - particularly upon connection to the server. There are a number of security changes, which should be expected and can be found here:  http://www.microsoft.com/sqlserver/2008/en/us/wp-sql-2008-security.aspx

But, I was surprised to find that my existing/installed  version of  SQL Server Management Studio  would not connect to a fresh install of SQL Server 2008. 

A quick scan of the net, and there appears to be a few issues with compatibility of the new SQL server release including;


and for a great BLOG on the topic, visit the Scalability Experts tremendous effort located at: http://blog.scalabilityexperts.com/ 


If you are looking for a solution to the Management Studio connection  issue, Microsoft has released a  helpful KB article on the topic (http://support.microsoft.com/kb/946127/ ) and subsequently have released a hotfix; http://hotfixv4.microsoft.com/SQL%20Server%202005/latest/Yukon_SP2_CU5/9.00.3215.00/free/335088_intl_i386_zip.exe

I recommend that you install Service Pack 2 as well. SQL Server 2005 SP2 can be found here: 


I can't believe that I am writing this blog entry on SQL Server.  I am not a hard-core Db guy, more of one of those engineering types who looks on the Database Administrators  with some scepticism and occasional bouts of devout worship when I am really in trouble with some deep, dark and scary SQL query.

I wanted to comment on a few things that seem to break when moving from SQL Server 2005  to SQL Server 2008. I was really surprised to discover that the latest version of Microsoft's SQL Server (2008) breaks some applications - particularly upon connection to the server. There are a number of security changes, which should be expected and can be found here:  http://www.microsoft.com/sqlserver/2008/en/us/wp-sql-2008-security.aspx

But, I was surprised to find that my existing/installed  version of  SQL Server Management Studio  would not connect to a fresh install of SQL Server 2008. 

A quick scan of the net, and there appears to be a few issues with compatibility of the new SQL server release including;


and for a great BLOG on the topic, visit the Scalability Experts tremendous effort located at: http://blog.scalabilityexperts.com/ 


If you are looking for a solution to the Management Studio connection  issue, Microsoft has released a  helpful KB article on the topic (http://support.microsoft.com/kb/946127/ ) and subsequently have released a hotfix; http://hotfixv4.microsoft.com/SQL%20Server%202005/latest/Yukon_SP2_CU5/9.00.3215.00/free/335088_intl_i386_zip.exe

I recommend that you install Service Pack 2 as well. SQL Server 2005 SP2 can be found here: 


Wednesday 17 September 2008

Microsofft Security Update - September 17th

Our automated scanning of Microsoft's security and Window Update database picked up a number of revisions to several patches that were released as part of this Month's Patch Tuesday including;

MS08-053: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution 
This Windows security update changed a single file  (Wmex.dll) which was not updated in this minor revision. Apparently, from the Microsoft documentation, only the patch description and Norwegian language pack information was update. This updated information can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx

"And, the critical excerpt from this updated documentation includes; "Reason for Revision: V2.0 (September 15, 2008): Added entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to communicate the re release of the Norwegian language update for Windows Media Player 11 on all supported 32-bit editions of Windows XP. "

MS08-054: Vulnerability in Windows Media Player Could Allow Remote Code Execution
The following file is updated in this security update; Wmpeffects.dll and this payload information did not change with this revision.  Like the revision update for MS08-053, this update relates to the patch description information and non-compatible application information for Norwegian language packs. The updated information is can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx

And the updated text in this update is quoted here;  

"Added entry to the Frequently Asked Questions (FAQ Related to This Security Update section to communicate the re-release of the Norwegian language update for Windows Media Player 11 on all supported 32-bit editions of Windows XP."


Note: That the criticality rating has not changed for both of the patches and remains at a CRITICAL  rating.


Monday 15 September 2008

iTunes 8 Update - Blue Screen of Death

One of the blogs that I read pretty frequently is the Microsoft supported "Windows Experience" blog  (http://windowsvistablog.com/blogs/windowsexperience. This week Brandon Le Blanc (a Softie) posted an interesting entry on the latest version of iTunes (version 8). Brandon  had hit upon the dreaded BSOD, "Blue Screen of Death". When your machine crashes, hard, with no chance of recovery, you get a blue screen (with white text) that looks like something like this;




Apparently, when you install the latest version of iTunes, your desktop machine says (in a small voice), "there is no going back... There are no second chances, no tears in the rain redemption, no heroic last attempts".  

YOU...  need to REBOOT your machine, son!  Because, an application has installed a system level driver update and your desktop OS (Vista) cannot handle it. I really wanted to say, "Your desktop can't handle the truth!", but refrained.

One of the great promises from Microsoft ( or one of the flavours of the Longhorn cool-aid) was that these types of crashes would be the thing of the past. Microsoft's new Windows Vista would have "infrastructure" in place to prevent serious driver issues,  broken Operating systems and other computer nightmares. We were told that this was the price worth paying for inconveniences such as the annoying (or just poorly tuned) User Account Control, for the difficulty in installing applications and the application compatibility issues that come with increased levels of security and account restrictions. And, for needing a new version or upgrade of ANY application that installed a system level driver.

Bad on Apple for installing dodgy drivers. But, double  BAD BAD for Microsoft. Apple should not be able to "mess" with the Operating system (however much they would like to). Vista offers a whole new approach to handling operating system protection and in this case more importantly the installation of drivers.  Microsoft's coveted Windows Drives Model (WDM) was supposed to prevent this from happening and in my view, WDM has "come a cropper" *. Why?

Let's dive into the installation of iTunes. 

You may not have noticed that the iTunes installation actually is comprised of the following 6 "applications" or packages;

  1. AppleMobileDeviceSupport.msi 
  2. AppleSoftwareUpdate.msi
  3. Bonjour.msi
  4. iTunes.msi
  5. MobileMe.msi
  6. QuickTime.msi

Personal note: I got caught-out two weeks ago, saw the Bonjour directory under Program Files and immediately deleted it. I thought it was malware, or bloat-ware from one of the (too) many applications that I install on my test machine before the monthly rebuild. Why doesn't Apple tell you about the installation of the Bonjour service? And, why doesn't the installation process even mention MobileMe. I didn't sign up for MobileMe. Why is this stuff installed on my machine?

Back to iTunes. Reading the reports about this BSOD STOP error, it appears that this system crash is caused by the installation of a USB driver, notably;   GEARAspiWDM.sys  

I searched for  "GEARAspiWDM BSOD" (with the quotes)  on Google and came up with 2,390 hits. So, this driver may not be well-known but it is infamous for causing issues - notably total system collapse. Google is so "diluted" with iTunes issues that I was not able to get any more useful information on the driver - enough said.

The "initial version" of iTunes was version 8.0.0.35 and included version 2.1.1.1 of GEARAspiWDM.sys. The updated iTunes (8.01) package contained version 2.1.1.1. 

Hmm... I think that we have a scapegoat here. If this was a driver issue, then we should have a file level difference (i.e. Different versions of the same drivers) or the installation process has been somehow updated.

To check this out, and see if the iTunes installations were different between version 8.01  and 8.0.035, I used the Microsoft MSI installation database comparison command line tool; MSITRAN.EXE

This Microsoft engineering tool  allows you to compare 2 MSI installer packages and generate a third file that contains the differences; either additions, changes or deletions.

I ran the MSITRAN.EXE tool on the different versions of the iTunes installation routine (remember: the old version crashes your desktop and everyone blames the  bad driver GEARAspiWDM.SYS) and compared it with the new, improved (does not crash your desktop) version of iTunes (version 8.01).

Guess what?

I got the following error;  "Error 2223" - This error can be referenced in the Microsoft Platform SDK as, "Databases are the same".

Meaning, the two installations contain the same driver and the same installation instructions.

Gents, I DO NOT believe  that the update of GEARAspiWDM.SYS is causing your BSOD issues.

Tomorrow's update will detail more clues on what could be causing these issues.

Stay Tuned for tomorrow's POST, don't touch that dial!

Note: though this PUN was not intended (too much RUM), it does reflect nicely on the "Longhorn" code-name for Windows 2008 and the Vista kernel. For those not affiliated with the horse-riding/loving crowd, "to come a cropper" usually means to fall off your  horse, specifically falling over the neck of the beast. That said, from the view of my cycling crowd friends, this term now firmly belongs in the "two pedals better" camp.


Saturday 13 September 2008

MS08-52 - Micrososft Security Patch Update

Critical Microsoft Security Patch MS08-052 Updated!

Patch Tuesday happens more than once a month. In fact, our automated anlaysis indicates that the Microsoft security database changes between 3 and 4 times a month. This time, one of the critical patches has been updated; patch MS08-052.


And the reason, as quoted by Microsoft is; "Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software."

Given that this patch was rated critical and recently updated, I decided to spend a bit more time on some of the issues surrounding the September patch update, "MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution"  and wanted a few more thoughts to this possibly disruptive update.


First, the FSIRT update indicates a number of vulnerabilities with GDI including;

  1. The first issue is caused by a heap overflow error when processing gradient sizes handled by the vector graphics link library, which could be exploited to execute arbitrary code via a malicious web site.
  2. The second vulnerability is caused by a memory corruption error when processing a specially crafted EMF image file, which could be exploited to execute arbitrary code via a malicious image.
  3. The third issue is caused by an error when parsing records in a specially crafted GIF image file, which could be exploited to execute arbitrary code via a malicious web site.
  4. The fourth vulnerability is caused by a buffer overflow error when allocating memory when parsing a specially crafted WMF image file, which could be exploited to execute arbitrary code via a malicious image.
  5. The fifth issue is caused by a buffer overflow error when processing a malformed header in a specially crafted BMP image file, which could be exploited to execute arbitrary code via a malicious web site.
The full documentation can be found here;  http://www.frsirt.com/english/advisories/2008/2520 

I really think that this level of detail would be really helpful in our future reports, so, apologies for not including it in this month's Patch Tuesday report.


And, if you would like to find out more about GDI+, look here: http://msdn.microsoft.com/en-us/library/ms533798(VS.85).aspx

And have run the contents of this package against our test AOK Application Compatibility test portfolio. Why?

Once loaded into our system, we can analyse each application package (MSI) for configuration data overlaps (file s and registry settings)  and in addition look into the dependencies for each file in each package and determine if there is a dependency on the GDI  components.

After some quick analysis of the GDI redistributable EXE, I found that bar the catalog and manifest files (CAT/MAN) there was only file gdiplus.dll included in the hotfix redistributable package . This was interesting news as the Patch update payload (the files included in the Security update MS08-055) only included a single file; gdiplus.dll. So, my worries were put to rest about the possible impact that this redistributable might have and I feel that our initial report still accurately reflects the potential impact of the security update MS08-52; both for overlaps for application packages and the corresponding dependency analysis.

In addition, I though it would be really helpful to include the links from the monthly Microsoft Patch related Questions and Answer session hosted by Christopher Budd from the Patch team. 


I wanted to highlight one question in particular  that was raised in this session, quoted here; 

"Q: Why does bulletin MS08-052 not indicate the SP for Office 2003/2007; so the patch will not be included, and MS08-053 will not be included in future SPs for Windows Server 2003/Vista/2008?  Are these typos?
A: For MS08-053, the fix is contained in the Windows Media Encoder.  This is an optional component and not applicable for the OS service pack.  For MS08-52, there is currently no Office 2003 SP3 scheduled.  However, it should be included in future service packs for Office 2007."
 
Note: the answer to this question is, "there is currently no Office 2003 SP3 scheduled"  Wow! 

Wednesday 10 September 2008

Patch Tuesday - September 2008

The good news this month is that the patches and updates are relatively light. 

The updates MS08-055 and MS08-053 relate to Windows Media player which has a minimal impact on the Operating system and few applications have a direct dependency on Windows Media player. More importantly, MS08-052 includes an update to a core element of the operating system (GDIPLUS.DLL). This file is part of the graphics library for Window XP. Several applications we ran through AOK can load a version of this file from their source media/download process when they are installed and so there is a danger that if this happens the installation will result in an out of date version of this file being loaded and overwriting the version in the patch update this month.

IT departments need to identify which applications can do this and have a process in place which stops this happening. 3% of the applications we tested have this capacity including Microsoft Messenger and Macromedia Dreamweaver. Here is a sample of the AOK Workbench analysis which illustrates that Messenger both includes this key file in its installation package and has a key dependency on GDIPLUS.DLL.

Test

In terms of which applications use or have a dependency on this component, we found that 30% of the applications we tested fall into this category. We recommend organisations test all applications with such dependencies.

Specific reboot Information
Also it should be noted that all machines (servers and desktops) with this patch update will need to be rebooted for the update to take affect as per the table below.

Testing Summary
  • MS08-052: updates key components of Microsoft Messenger and Digital Imager
  • MS08-055: Updates key Microsoft Office components - full application test required
  • MS08-053: Marginal impact and negligible testing profile
  • MS08-054: Marginal impact and negligible testing profile


Patch NameIssues% Affected
(with dependencies)
RebootRAG
MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution23730%YESSerious
MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution<1%<1%YESTest
MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution<1%<1%NOTest
MS08-055 Vulnerability in Microsoft Office Could Allow Remote Code Execution91%NOTest

Legend: 
No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue
Test

Security Update Detailed Summary
MS08-052Vulnerabilities in GDI+ Could Allow Remote Code Execution
DescriptionVulnerabilities in GDI+ Could Allow Remote Code Execution This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payloadgdiplus.dll
ImpactMS08-052 updates a core OS level DLL that is responsible for Windows XP/2000 graphics interface. A number of applications contain this file in their application installation routine including; Reuters Messaging, Microsoft Messenger, Macromedia Dreamweaver and Microsoft Digital Image which could cause application compatibility issues when these packages are deployed. In addition, a significant portion of our testing portfolio had a file level dependency on this updated DLL.
 
MS08-053Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Windows Media Encoder 9 Series. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadThe following file is updated in this security update; Wmex.dll
ImpactThis update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
 
MS08-054Vulnerability in Windows Media Player Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadThe following file is updated in this security update; Wmpeffects.dll
ImpactThis update had a marginal impact on the AOK Workbench application package portfolio through direct file and configuration overlaps with the update payload and the portfolio packages.
 
MS08-055Vulnerability in Microsoft Office Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadThe following files are updated in this security update; Onbttnie.dll, Onenote.exe, Onenotem.exe, Onfilter.dll, Onlibs.dll, Onmain.dll, Mso.dll, Mso.dll, Ietag.dll
ImpactThis Microsoft security update, while not affecting a large portion of the AOK application portfolio did directly affect a number of Microsoft application packages including Office 2003 (standard and professional), Microsoft Visual Basic, and Microsoft Project.

Details of Lab process
c. 800 applications were tested against these patches using the ChangeBASE ACL (Application Compatibility Lab)

Wednesday is Anything Can Happen Day

Well, it looks like the world did not END* when Microsoft released it last batch of patches, we were not sucked into a swirling grey goo of strangelet driven nano-scale mono-poles. For more information on this topic see http://www.msnbc.msn.com/id/24556999/page/2/


Which is probably a good thing, for the following reasons;

1) Microsoft patches should not really break your machines or applications any more as the update technology has now had almost seven years to mature. Hint: We should be getting this update stuff mostly right now, and broken desktops and applications should be rare, and by far the exception, and a thing of the past.

2) The CERN Hadron collider was scheduled to start-up yesterday but will not be "up to speed" for few more months, and no major proton collisions are scheduled for this side of this year. That said, we could be in for a "Big Bang" in the New Year. For more insightful, witty and down-right useful important news reporting, look here: http://www.theregister.co.uk/2008/09/10/lhc_day_is_not_today/ .

3) Wednesday is "Anything Can Happen Day" (See the Mickey Mouse club here: http://en.wikipedia.org/wiki/The_Mickey_Mouse_Club ) And, who wants to die on a day like that.

I don't know what everyone thinks about the format of the ChangeBase Patch Tuesday Patching Impact report  (is the RAG status helpful, cool or annoying?) That said, I had a couple of recent interesting posting from blogs and news sites regarding our Patch Update including ;

Dave Winder's comment on the "deal with it, it happens" nature of desktop maintenance and security patches found here;
http://www.itpro.co.uk/blogs/daveyw/2008/09/10/patch-tuesday-risk-analysis


And the excellent briefing by Antony Savvas on the nature of application level conflicts and the potential problems that deploying security patches may introduce into your desktop and server environment found here;
http://www.computerweekly.com/Articles/2008/09/12/232293/microsoft-ms08-052-security-patch-not-compatible-with-some.htm

I really think that Antony "gets it", when he posted the following; "There is therefore a danger that if this happens, the installation will result in an out-of-date version of this file being loaded, and overwriting the version in the patch update this month."


So, ChangeBase is planning to deliver this kind of report on a monthly basis, with the hope of working with Microsoft on the patch payload and update structures. This would be really great, as this kind of information is more useful when delivered early.

Any comments on these reports would be really helpful/interesting and any other ideas on what we should be reporting upon, would be gratefully thought about.

For those who missed the newsletter, here is the link to the ChangeBase website;


*I am not saying I was expecting the end of the world for these reasons, I was just prepared.

Tuesday 9 September 2008

In my last blog, I vented some of my frustrations and equal measures of eagerness to under the Component Based Servicing model used by Microsoft to update applications and their Vista and Windows Server 2008 platforms.

Cooler heads have prevailed, and a contact from our local media monopoly in the UK (hint: the BBC) sent me a link to a posting on the ASKPERF Vista Performance team blog ( Understanding Component-Based Servicing) that adds more detail to the rough Setup architecture sketch (see my previous blog post: Component Based Servicing)

The author CC Hameed indicates in his post that there are 6 key elements to the componentized services including;

  • CBS (Component Based Servicing) - Also known as the trusted installer (TRUSTEDINSTALLER.EXE), which works at the package / update level
  • CSI (Component Servicing Infrastructure) - Works at the deployment/component level
  • DMI (Driver Management and Install) – Advanced driver installation processes
  • CMI (Component Management Infrastructure) - Handles the advanced installers
  • SMI (Systems Management Infrastructure) – Used to manage registry settings
  • Kernel Transaction Manager (KTM) – Enables clients to use the transactional registry and file system

This is great!

Note the HINT that the TRUSTEDINSTALLER.EXE could be an alias for "CBS". Now, you can track down "TrustedInstaller" information easily as you can match the EXE/process name to the Service Name. Chris Jackson provides some really helpful hints on how to use the Services MSC (run services.msc) to track down these process. His blog is located here;  http://blogs.msdn.com/cjacks/default.aspx .

Running Services.msc from the command or start line, you get the following information regarding "Trusted Installer"



Two things stand out immediately;

  1. CBS looks like the Windows Module Installer. Could this be the same as MSI Installer? Is CBS just another name for MSI Packages
  2. And, look at that lovely directory; C:\WINDOWS\SERVICING\... I bet there are some DLL's we could have a look at here.

And YES! We found a little GEM... CbsApi.dll.

I am so excited, I feel like one of the characters from Dan Brown's book, "The Davinci Code" 

For this post, let's run this baby through a dependency analysis and then let's also see what DLL exports are visible... Yes, I am probably going to get into trouble from someone for this approach...

Here is a screen-shot from Depends.exe (we love you Mark: http://blogs.technet.com/markrussinovich )



No surprises here - and probably due to my lack of technical expertise in this area - no more useful information.

OK, now let's see what is in the DLL Export table - hopefully something interesting - something that will lead us to a little bit more knowledge.



Ohhh no, just the standard DLL Self Register API calls... Arrgghh.... Nothing, no new information....

Oh, you little CBS, I am really going to get you now... 

Monday 8 September 2008

Component Based Servicing (CBS) - A voyage of discovery

With the first steps of any great journey there is a sense of nervous excitement, possibly some trepidation and for some, pure cold-sweat fear. Where will this journey take me? What will happen along the way? And, for me the question always arises, "Will I be different when I get there?"

And the journey I am now referring to is the quest to really, properly, fully and completely understand how Microsoft updates, manages installs, and makes changes to Vista and Windows 2008 desktop and server platforms. I understand from reliable sources that the starting point for this epic quest is Microsoft's "Component Based Servicing" or CBS which is turn part of the setup architecture.

Here is a handy (but possibly too simplistic) diagram/view of the Setup Infrastructure for Windows Server 2008 and Vista.



As a personal note, you can tell about a lot about me and my friends because we started at the bottom of the diagram... Instead a nice high-level starting point, we go for the deep dive straight away.


Now let's try to find out about each component...

From the Microsoft reference website, there are some good high-level descriptions for each "block" in the diagram above including;

  • Optional Component Setup: "Optional Component Setup (OCSetup.exe) is a command-line tool that installs and uninstalls Windows optional components. This tool replaces Sysocmgr.exe. You can use OCSetup.exe to install, update, and remove Windows Installer (MSI) components and Component-Based Servicing (CBS) components."Further information is found here: http://go.microsoft.com/fwlink/?LinkId=91915
  • Package Manager: "The Package Manager is a tool that installs or removes packages or Windows components. It is called by Windows Setup during normal installation, including unattended installation, and runs transparently while updating or installing Windows. Further information can be found here: http://technet.microsoft.com/en-us/library/cc753368.aspx
  • Language Pack Installation: Language Packs help with the display of dialog boxes, wizards, menus and help documentation in different languages.
  • Component Based Servicing: This is a critical component to installing, updating and removing applications on the Vista and Windows Server 2008 Platforms. The Microsoft Component-Based Servicing (CBS) is part of the servicing stack which is defined by Microsoft as "a set of files and resources that are required to service a Windows image or operating system"

OK, so what is the big deal? Sounds simple enough.

Well, I just can't get enough information on Microsoft's Component Based Servicing for the following reasons;

  1. There aren't any publicly available API's (maybe there is - can you help?
  2. No clear cut definition of what a "component" is
  3. No documentation on how "I" (meaning anyone) might create a component
  4. No clear description on what happens when you update, remove or install a component
  5. NO DOCUMENTATION!

As Won Yoo said in his IIS blog (http://blogs.iis.net/wonyoo) , "when it comes to servicing, a component is the smallest unit of measure and this creates an interesting patching behaviour. A component may contain several files. So, even if a fix for a particular bug is localized to one file, if the file belongs to a component that consists of other files, the patch will contain all files in the component."

Yes, quite.

I read an MSDN article that indicated that CBS was the most important management advance in Vista and that CBS was really, very important. OK, I have downloaded the Windows Automated Installation Kit (WAIK. Found here: www.microsoft.com/downloads/details.aspx?FamilyID=C7D4BC6D-15F3-4284-9123-679830D629F2) and did not find any further documentation on CBS.

For a laugh, have a laugh and have a read of the Microsoft CBS "documentation" found here: http://msdn.microsoft.com/en-us/library/aa903048.aspx

To really drive the point, here is a screen-grab of the page.



For the definition of sparse, look here; http://dictionary.reference.com/browse/sparse. To experience it in real life, to live it, is to search for CBS.

Friday 5 September 2008

Office 2007 - A new way of thinking

I was asked by a colleague a little while ago to start thinking about Office 2007 in a new way.

He asked me, " What kind of issues would we encounter with the introduction of Office 2007 in an enterprise environment which might break applications?". My answer, "No clue". Followed by, "I am really busy right now". Followed by, "Yes, right... Uhmmm, got to go now...bye!".

I mean, Microsoft's Office 2007 is a really big, complex application. I use Word, Excel etc. all of the time and sometimes I feel that the desktop platform is a "merged" blend of WindowsOfficeAndIE. The difficulty in pulling these mammoth Microsoft monopolies apart got Microsoft in legal "poo" with the US government a while back. If you walk through the Office installation you begin to wonder where a desktop build ends and the application installation process starts. Add Internet Explorer (IE) to the mix, and for most organisation you have most of what people "USE" on a daily basis and a good chunk of what developers rely and most importantly "BUILD " upon for most of their applications.

So, not really taking his suggestion that I consider his request in the few moments before I fall asleep each night, or the few seconds between waking and getting up to get the kids breakfast, I started asking the question,

"What installation, integration and maintenance issues would Office 2007 cause in a big, heterogeneous corporate/enterprise environment?"

The answer is; surprisingly quite a lot. Here are some initial thoughts;

  • Excel Add-ins - these guys are chunks of code that completely depend on the Excel universe to survive and would have loads of links, dependencies and integration points which would be ripe for breaking under a new version of Office (Excel).
  • Applications that use Excel to display spreadsheet data - there are a large number of applications in the financial and insurance sector which rely on the Excel calculation engine to generate and display their results.
  • Office 2007 has deprecated (removed support) for a number of Application Programming Interfaces (API's) that previous developer's may have used. This means that a function within a 3rd party application may no longer start or simply return an empty string.
  • Broken support for integrated applications. Applications that integrate directly into Word or Excel may no longer work due to the changes in the Office UI or even the architecture of Office applications. I understand that version 6 and 7 of Adobe PDFWriter no longer work under Office 2007 and that there issues with getting the Oracle connector to work in Outlook.
  • New Security Restrictions. Applications could do pretty much what they wanted to in previous version of Office - this has changed with Office 2007 and may break some 3rd party applications. These changes could be pretty difficult to debug if you take the huge security changes that have been introduced with Vista as well - which one broke the app? Vista or Office? Both?
  • Office Updates: What changes, restrictions have been introduced over the past year through Microsoft update which may affect my other, 3rd party applications? This is a huge challenge for enterprise desktop management. As application developers design, develop and deploy applications for their target desktop and office - monthly changes and updates from Microsoft (while I am sure are very helpful) may move the goalposts in the sense of changing security restrictions or functions that were previously relied upon.

Loads of stuff - but I wonder how many applications would really be affected? So, over the next month or so, we are going to take a look at answering these questions and getting some rough and ready quantitative data - real applications, real numbers, real issues...

Should be a version of fun!

Wednesday 3 September 2008

Two Microsoft AppCompat Updates this week...

We (the development team and I) have been incredibly busy over the last few weeks getting the final touches on our latest release of our software and it looks like Microsoft has been busy too. There have been a few updates recently including;

The Microsoft Application Compatibility Tool-kit has been updated to version to 5.0.3 (from the recent update of 5.0.2) which can be found here:

http://www.microsoft.com/downloads/details.aspx?FamilyId=24DA89E9-B581-47B0-B45E-492DD6DA2971&displaylang=en

Chris Jackson from Microsoft has offered some useful information on what bugs have been fixed and the updates included in this latest release.

His blog can be found here; http://blogs.msdn.com/cjacks

and the link to the release notes mentioned by Chris can be found here;

http://blogs.msdn.com/cjacks/archive/2008/09/02/announcing-act-5-0-3-a-k-a-act-5-0-5428-1080.aspx

I still struggle with ACT as a pure-play compatibility assessment tool, but it can offer some interesting debugging information when you encounter an application that simply won't start or generates a spurious error dialog box on Windows Vista or Server 2008. As mentioned in one of my other posts on the Terminal Services Compatibility Analyzer (MS TSCA), the Standard User Analyzer (SUA) is important tool in your application compatibility assessments efforts.

In addition to this update, the Microsoft Virtualization team has been busy putting the finishing touches on their latest release of Microsoft Application Virtualization (MAV and formerly SoftGrid) with the RTM of version 4.5. The MAV team blog has a really enthusiastic description of the updates included in this release which can be found here;

http://blogs.technet.com/softgrid/archive/2008/09/03/microsoft-application-virtualization-4-5-rtms.aspx

I am particularly interested in the new "Dynamic Application Virtualization" feature, which is described by the MAV team as;

"(Dynamic Application Virtualization) allows an administrator to dynamically suite different plug-in and middleware application packages together with a primary application so that the applications can interact with each other, while maintaining only a single package for each application and reducing total package sizes. Updating packages is now much easier as there is only a single package to update for each application instead of many."

Now, I wonder if we have to worry about that old favorite; Application Conflicts?

I will spend some time later next week - and, so will post my findings as they trickle out of my ever more pressured schedule.

Monday 1 September 2008

Gallium Partnership

As I have mentioned previously, I work for a company called ChangeBase (www.changebase.com) that makes software to automatically report and resolve application compatibility and packaging related issues.

As part of some blatant self-promotion, I am delighted to announce that we have partnered with Gallium, a South African development and testing consultancy. We started working with the Gallium boys a while ago and I have always been delighted by how easy they made my life.

I remember when I did my first demo to the Gallium crew in Cape Town (SA). I have gave them a 5 minute "briefer" on our software. I showed them how to load application packages into our database, run a few selected reports and show how easy the fixing was. Once done, they just kind of looked at me... Funnily...

And they said, "let me get this straight, you;

1) Drag some MSI packages onto your software
2) Press the Load It button

"And, it's loaded into the database, right?"

I say, "Yep and then select a few reports from the Reports tree and press the "Run it" button. The selected reports will analyze the loaded applications and generate a Red, Amber, Green (RAG) report which indicate if there is a problem, if the issue is fixable or that the application may require an upgrade.

And they said, "When I select a issue with a fix, and I want to resolve that issue, I just press the "Fix-It" button, right?"

I say, "Yep, that's it. And, for every fix, there is a LOG file documenting every change, and a Transform file

And the Gallium boys said, "Fine.... (pause) May I do the next demo to a client?"

I said, "OK, but may come along as well?" "Sure", they said.

Next morning, and in front a prospective client, one of the Gallium technical guys did a sterling demonstration of our software. I mean, I learned quite a lot from what he did - about my own project!

Needless to say, the Gallium crew made and has continued to make my live really easy.

So, here is the press release from our company website;

http://www.changebase.com/news_release_2008_08_27.html


And Good Luck to you Gallium!