If I had a buck for every time someone came to me with a problem accessing their SQL Server from a website (in Windows authentication mode, not SQL authentication, naturally), I’d have about four bucks. That’s good, because I’m not meant to be the go-to guy for SQL Server access from IIS instances.
If I then had a buck for every time the answer was “Kerberos Delegation”, I’d probably have about, oh, twelve bucks. I’m nosey and invade other people’s conversations. At least eight of those should have paid up.
Darwin (who works in the sneaky Developer Tools Support section of the local GTSC (splitters!)) started (and stopped) blogging last month, but covered much about delegation in his brief time in this universe.
There’s also a nice, concise MSDN Mag article on it by Keith Brown.
My $0.02: it’s almost always a duplicate SPN (nb: the article covers computer accounts, but it works just as well on users), especially if you’ve done everything right, and still can’t get it working, and someone else was trying it before you showed up. SPNs have to be unique within the forest. And they need to be applied to the security principal doing the decoding of the Kerberos ticket (like the web application process identity).
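A way to check for the duplicate-SPN case described above, as an added example (not the author's code): it reads an LDIF-style export of servicePrincipalName values, reports any SPN held by more than one account, and checks that an SPN sits on the expected process identity. The export layout, the corp.example domain and all account names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: LDIF-style export of accounts and their SPNs.
# All names (corp.example, WEB01, svc-intranet, svc-sql) are hypothetical.
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=corp,DC=example
servicePrincipalName: HOST/web01.corp.example
servicePrincipalName: HTTP/intranet.corp.example

dn: CN=svc-intranet,OU=Service Accounts,DC=corp,DC=example
servicePrincipalName: http/INTRANET.corp.example

dn: CN=svc-sql,OU=Service Accounts,DC=corp,DC=example
servicePrincipalName: MSSQLSvc/sql01.corp.example:1433
"""

def parse_spns(ldif_text):
    """Map each SPN (lower-cased, SPNs compare case-insensitively) to the DNs holding it."""
    # Unfold LDIF continuation lines: a line break followed by one space.
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    owners, dn = defaultdict(set), None
    for line in text.split("\n"):
        name, sep, value = line.partition(":")
        if not sep:            # blank line: end of the current record
            dn = None
        elif name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "serviceprincipalname" and dn:
            owners[value.strip().lower()].add(dn)
    return owners

def find_duplicates(owners):
    """SPNs registered on more than one security principal."""
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def check_spn(owners, spn, expected_dn):
    """Is this SPN on exactly one account, and is it the account that decrypts the ticket?"""
    dns = {d.lower() for d in owners.get(spn.lower(), ())}
    if not dns:
        return "missing"
    if len(dns) > 1:
        return "duplicate"
    return "ok" if expected_dn.lower() in dns else "wrong-owner"

if __name__ == "__main__":
    owners = parse_spns(SAMPLE_LDIF)
    for spn, dns in find_duplicates(owners).items():
        print("DUPLICATE", spn, "->", "; ".join(dns))
```

In the sample, the HTTP SPN was registered once on the web server's computer account and again on the service account, which is the "someone else was trying it before you showed up" situation.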
Quickie: When used to configure NLB for an array, ISA Server 2004 Enterprise Edition enables the NLB parameter UnicastInterHostCommSupport, available in Windows Server 2003 SP1 and later.
This means that all other things being equal (e.g., your rule set permitting it), two unicast hosts with NLB enabled should be able to chat using their dedicated IP addresses. Remember, any non-dedicated IP address is assumed to be balanced by NLB, so your mileage will vary*.
I mentioned UnicastInterHostCommSupport before (but not that it was enabled by ISA).
My trial decoder run of Intervideo’s WinDVD decoder expired at home mid-week, so I tried out PureVideo one last time, but it didn’t seem to be deinterlacing well at all, despite the settings I used.
So, my Nvidia problem is essentially solved now, by buying WinDVD 7 instead. It doesn’t seem to have any tweakable options that affect MCE playback (that I’ve seen), but it just works. So I’m happy.
Finally, someone in marketing decided that a product name could be both functional and cool! Windows Defender has to be the best product name since, oh, um, Proxy Server 2.0. Sort of.
The Antimalware team (I read it as “animalware” twice, curse my eyes) have just started blogging, so go check ’em out. And they cover more than just Defender (kudos to anyone that calls the next anti-malware product “Asteroids”).
Another real quickie: Anders from Sweden has just started a blog, and posted an interesting tip/script fragment for PasteOff, using Explorer to view the folder that the file was just saved to.
That’s pretty useful when you want to do whatever it is afterwards. And it can be added easily to any other script you’re running to upload the file (or whatever).
Thanks Anders, glad you find PasteOff useful.
I hadn’t even heard of FolderShare before the announcement that we’d acquired them, but having just synced my first few files and folders, I’m going to be using it much more.
I found the setup a little counter-intuitive (in that I hadn’t seen it before and doing this type of thing through a web interface after downloading the GUI portion didn’t quite map to anything I was expecting), but the sync seems speedy, and it’s convenient not to have to email myself files so I can download them from OWA. (VPN is a long, broken story…)
Caught over at the Exchange Team blog, an article full of useful tips.
My new best friend is going to be the equals sign:
Putting an = in front of the e-mail alias that you are trying to resolve when composing a mail will automatically resolve it to any exact matches. Tired of typing johnr in to the To: line and being prompted as to whether you meant johnred or johnr or johnreb? Well no more, simply type in =johnr and the name will automatically resolve to johnr when you use the super nifty hotkey ctrl-k that you learned about in hidden tip #1. This works in Outlook as well.
More at You Had Me At EHLO…