Using RDPGuard To Protect Your Windows Server

One of my remaining dedicated servers which hasn't yet been migrated to Amazon EC2 is hosted in a UK datacenter without a dedicated firewall to protect it.

Whilst I knew that the server was effectively exposed to the Internet on various ports I did not realise that despite me setting up the Windows firewall to only allow logon attempts on the RDP port (Remote Desktop) from a fixed set of IP addresses, many if not all logon attempts were still getting through. I'm not sure why, but I seem to recall that the block only kicks in after a successful authentication, meaning bots were still probing my server 24/7. Not good.

What I needed was an easy way (by this is not what exactly easy, neither is that) to block hacking attempts with configurable bans based on IPs.

The best and simplest tool I found for this job was RDPGuard. It runs as a Windows Service and can easily be configured to block brute force logon attempts.

I can really recommend it if you run a public facing Windows box without a dedicated firewall. They offer a free, fully functional trial on their website.

IIS 7: Allow One IP Address, Block All Others

Today I found myself having to configure IIS under Windows Server 2008 and I needed to restrict access to a specific directory by IP address. It was quite tricky to figure out how to do this due to Microsoft's idiotic way of presenting what could easily be a straight forward user interface operation...

What follows are the steps involved to block all IPs in IIS, and granting access to one specific IP. As fa as I can tell this will work both on a site and a directory level (in my case it was a virtual directory that needed restricting).

› Read Full Article

'The format of the specified network name is invalid' - IIS Error 0x800704BE

Oh don't you just love cryptic error messages that could mean one hundred and one things? Yeah, me too.

So in the interest of some poor soul (maybe it's you ;-) searching on this topic in the year 2142 I decided to point out what resolved this issue for me.

Background: I am running Windows Server 2008 R2 with IIS inside a Hyper-V instance. The VM was configured with a static IP and each IIS site was configured to bind to that IP, and that IP alone.
I transferred the VM to Amazon EC2 (using the ec2-import-instance API) since I wanted to move away from having to maintain my own physical hardware. Long story short, once transferred I was unable to start any of the IIS sites, they all failed with the error 'The format of the specified network name is invalid - Error 0x800704BE'.

› Read Full Article

Microsoft Releases HTML5 Video Player Framework

The following tweet by Mike Downey caught my eye this morning. He announced that Microsoft have released Player Framework, which in their words is 'an open source video player framework for HTML5, Silverlight, Windows Phone and other application platforms'. Upon closer inspection it is the former Silverlight Media Framework, shifted towards HTML5.

It's interesting to note that this Player does not use Flash as a fallback technology, but enables developers instead to use Silverlight, or indeed choose from a variety of combinations such as HTML5 only (video tag), Silverlight only, fallback to HTML5 or fallback to Silverlight.
Whilst the player itself looks as one would expect, offering features such as mute, poster frame and full screen mode it also claims to add support for plugin models, advertising standards support, W3C timed text (TTML) for captions amongst other things.

What the demo also shows is the effort involved in providing a consistent cross platform experience when using the video tag. I'm not sure why, but when I tried the demo in FireFox on my Mac the 'Fallback to Silverlight' went straight to Silverlight and did not play the HTML5 content, but the HTML-only tab worked fine. Moreover since Silverlight does not seem to be compatible with the 64bit mode of my browser I saw no content at all, just a prompt to install Silverlight (which I am sure I already had installed - but maybe only a 32bit version?). I guess we can blame this on the beta status of the framework. But why not fall back to Flash anywhere? Is it really just because Flash-hating is a sport these days, or do companies simply not care about providing a good user experience? Is it too much to ask to detect the fact that I cannot run Silverlight and serve up a SWF instead?

Fullscreen mode is another sore point it seems. Whilst the framework claims to support fullscreen mode it really is just a full-browser mode - that's not full screen in my book. I also noticed some audio problems which surfaced in a delay when mute and unmute was selected.

All in all I congratulate Microsoft for putting in some effort and I am sure adding Flash fallback (let's be serious here: it makes a lot more sense than Silverlight fallback) would not be too difficult.
The plugin architecture of the framework also looks very useful, and some of the core features of the player are implemented in that way, with JavaScript providing the glue to it all.

You can check out the player demos here.

Configuring RTMFP Unicast on EC2

A few weeks ago I was testing some of the FMS4 features on a Windows EC2 instance. My goal was to use RTMFP (usually used for peer to peer communications in Flash) in a client-server mode, basically replacing RTMP in order to achieve lower latency.
In case you do not want to read the entire post below, here's were I went wrong:
1) I did not open port 1935 over UDP, only TCP. As it turned out, RTMFP does require port 1935 over UDP for the initial contact. 2) I didn't configure the HostPort directive in Adaptor.xml correctly. Instead of adding the public attribute I had added the IP just to the node valu.
Instead of

view plain
1<HostPort public="">:19350-65535</HostPort>

I had configured
view plain

After correcting that I was able to connect via RTMFP. This also works when the Windows firewall is turned on, all I configured there was to allow the FMS .exe files through.
So that's the solution - more detailed info follows below.

› Read Full Article

IIS Error 500.19 When Using Virtual Directories

I've just encountered an annoying error with IIS 7.5 when using virtual directories. Since it took me a while to find a solution I am sharing it here.
I needed to add a virtual directory to an IIS site which allows me to access a bunch of flv files to deliver via progressive download. The virtual directory pointed to a folder outside my webroot and inside the Flash Media Server applications directory.
When I tried to access a file inside this directory via the web browser I ran into an error 500.19 'Cannot read configuration file due to insufficient permissions'.

It took a while and some Google searches until I figured out that the IIS_IUSRS account needed read permission for that folder. To add these I right-clicked the folder in Windows Explorer > Properties > Security > Edit > Add > Advanced > Find Now > Search for IIS_IUSRS > Select > Ok > Ok > Ok > Ok (yes, 4x Ok...).

What a palaver. Why I use IIS? Don't ask, but yes it is a pain to work with at times, as are Windows file permissions. If you want to implement something similar when the virtual directory target is in another Windows domain then you're in for a world of pain.

And one last tip: if you need your IIS site to display detailed error messages then this post by Mike Volodarsk has all the details:

Configuring an Access Database on ColdFusion for 64bit Windows 2008

I've just had to move a website from one Windows 2008 R2 Server (64bit) to another. The site was running on an Access database backend (don't ask...!) and I had forgotten how I managed to set up the datasource a couple of years ago - however I do remember that it was a PITA.

Unsurprisingly it took me a good 2 hours again today until the site was back up and running on the new server and there were a couple of things involved (at least I think these two steps are the important ones):
1) Make sure your site runs in a 32bit Application Pool in IIS. Ok, admittedly I am no longer 100% sure if this is needed but it works for me. I set up the site in IIS and configured it to use its own separate Application Pool. Then I selected 'Application Pools' in the tree under the server node in IIS, selected my site's Application Pool, then chose 'Advanced Settings' on the right under 'Edit Application Pool' and in the window that opened I set 'Enable 32-Bit Applications' to True. I also changed the '.NET Framework Version' to 'No managed code' in order to disable .NET altogether for this site (it does not use .NET and I think some server error 500s I was seeing were caused by this, however I cannot be sure anymore. What I am sure about though is that my site works using this setting :-)

2) Next I needed to set up the datasource. Usually you do this in CF Admin but if you try this on a 64bit Windows machine it is likely that you're presented with an error. If you use the OS's ODBC Data Source Admin then you won't see any Access Drivers listed because the default ODBC Admin is the 64bit version and that one does not have an Access Driver. You must therefore use the 32bit version which can be found at C:\Windows\SysWOW64\odbcad32.exe

Once I set up my datasource using this tool I was able to get my site up and running again.
Hope this helps someone. And no, the site in question is not this blog :-P

Installing ColdFusion 9 on Windows Server 2008 64bit

This blog is slowly turning into a ColdFusion site it seems :-) Blame ColdFusion for that, it's the one application server that I know a bit about and I really like working with.
Today I needed to install CF9 on Windows Server 2008 64bit and I ran into a few issues which forced me to reinstall a few times. I've now managed to install it successfully so here are a two tips that may safe you some hassle if you like me encounter a HTTP Error 404.3 - Not Found.

First off, I was using IIS 7.5. As you may know, you need to install the web server role onto Windows Server 2008 first and it seems that everything labeled IIS6 tools and compatibility tools should be installed as well, so do that first. Then when running the CF installer right click and 'Run as Administrator'. Once I did that it was plain sailing, but not much joy without those two boxes ticked.

Why Ditched Silverlight

I know I know, I really should not feel as much Schadenfreude as I do over this topic but it's just too good to miss (and hey, any chance of something like this happening to Adobe and I'm sure the dark side would be all over it ;-)

Some may argue that this is not a big deal - you win some, you lose some - but is no small fry. Cnet describes it as 'the Web's most successful subscription service' serving half a million (!) subscribers.
What went on behind the scenes is now starting to emerge as - according to Cnet - Microsoft points the finger at 'a series of glitches and conflicts between the companies'. Moreover, the lawyers are now apparently involved which sounds like a major fallout to me. MLBAM's CEO is even heard talking about an 'ongoing dispute with Microsoft'. Oh dear. Can it be worse than Adobe and Apple banging heads over Flash on the iPhone? Maybe.

I guess we'll have to see how things progress for Silverlight, but I still fail to see the real advantage of the platform, at least from a user's point of view. Sure, it must be great being a .NET developer now being able to hack away at a new platform, using new (and existing) tools, but what problem is this plugin really trying to solve? What does it offer that Flash hasn't been doing for years? I'm a developer myself and naturally curious, but so far I have had next to no urge to even install the Silverlight development tools (which ideally require you to run Windows as you desktop OS).

I know I keep asking this, but where are the impressive Silverlight apps built by the Silverlight community, I mean those that did not make the showcase pages (yes, we;ve seen the Olympics now. And Netflix. Next?), and why does it seem that all the existing showcases are built around a video experience? It's not all about video you know!?
Let's revisit this topic in a year. What do you think the RIA playing field will look like then?

Microsoft Announces Live Smooth Streaming - Adds Copies DVR Capabilities

Many of you may know that MIX09 is in full swing and Microsoft has announced not only Silverlight 3 Beta but also added some new live streaming capabilities to its platform.
Once of those additions is a feature called Live Smooth Streaming which, if I understand it correctly, provides the equivalent to Adobe's dynamic bitrate streaming by offering fallback bitrates if the connection speed on the user's side fluctuates. The term 'Live Smooth Streaming' is a little bit deceptive however since this service - as far as I understand it - is not true streaming at all, however it comes close to a streaming experience. Instead it uses chunks of HTTP progressively downloaded material to provide a stream-like experience. I guess 'Live Smooth HTTP Download' doesn't sound as sexy.

Another feature is the so-called Live PVR, basically a total rip-off of Adobe's DVR functionality introduced recently to FMS which lets users rewind a live event and catch up to it as well. Microsoft describes their service as a 'PVR in the cloud', and it runs on top of IIS 7 and Windows Server 2008. Ben Waggoner has all the details, mixed in with some marketing fluff.

While it's great to see competition take hold in this space I would really wish for Microsoft to be more innovative at times. Of course they are playing catch up with Flash on the Silverlight front, but I generally expect them to be more experienced in the video streaming space (they've been doing this for much longer than Adobe). We've seen a glimpse of the fact that Microsoft is able to innovate during the preview of the out-of-browser install feature in Silverlight 3, but the blatant copy of Adobe's DVR functionality seems a bit cheap to me. If copying can't be avoided then so be it, but couldn't you at least differentiate the feature a little bit, or top it somehow? That would really get Adobe into gear too and maybe speed up some of their own initiatives - I've heard they are working some new FMS features.

More Entries