Recently, I posted on my Google+ account how I was dealing with an incredibly frustrating problem with an ASP.NET website we migrated to our new IIS hosting server. After several days of on and off research into this problem, and discussions with the site’s developers, a variety of blogs and tech articles finally revealed the cause of the problem.

Symptoms:

The most frustrating part of this problem were the oddly specific symptoms it was showing. The website’s default page contains a login form in order to proceed further into the “member’s only” site. When you would navigate to the site as anyone normally would (www.***.com) the above error would occur. However, if you explicitly defined the default page (www.***.com/default.aspx) the login would work without issue. Researching this issue was troublesome as many articles were unrelated, and the few articles or forums that were similar failed to have a resolution, only work-arounds.

Problem:

Quite obviously, the problem is with the Handler Mappings. For some reason, IIS was incorrectly assigning an isapi mapping if the URL did not contain a specific extension (.aspx, for example).

After some discussion with the developers it was discovered that the site contained Response.Redirects, which would eventually lead to the discovery of the problem:
Service Pack 1 for Windows 2008 R2 breaks ASP.NET routing
Special thanks to this blog: http://www.shanmcarthur.net/Default.aspx?DN=7d0cd525-bbc5-46c3-8096-95f93827aeea 

Resolution:

As stated in the blog above, a fix can be located here: http://support.microsoft.com/kb/980368

However, this problem can also be resolved (if you have access to IIS) by simply removing (without coding) the ExtensionlessURLHandler mappings from the Handler Mappings of the website.

As soon as I had removed these mapping entries, the problem was instantly resolved.

The Nitty-Gritty:

Now that I’ve given you the overall details of this problem, I’d like to share the, in my opinion, amusing story of how this all went down.

Last week, Piast Technology officially launched our new Windows 2008 R2 x64 IIS/ASP.NET hosting server which is now available to all clients requiring ASP.NET hosting. The first site to be hosted on this server is an ASP.NET site developed by one of our clients. The site was completed and had gone through beta testing on the client’s development server. All that was left to do was migrate the site to our live production environment and we were ready to roll.

All custom IIS settings were exported from the development server (with an identical OS/IIS setup as our server) and then imported (with code and SQL database) into our production environment. All necessary security configurations were applied, and the site was started.

At first glance, the site appeared to be working correctly. However, when we tested the login functionality absolutely nothing happened. The site was developed to suppress errors, so we would had to look at the server logs to figure out the problem. There, we discovered, was the following ASP.NET error:

Exception information:
    Exception type: HttpException
    Exception message: The HTTP verb POST used to access path '/' is not allowed.

Now, I hate to admit things like this, but I had never seen this error before; neither had any of the developers. Immediately, I understood that there was an issue with the Handlers… but it did not make any sense. The IIS settings between the two servers were identical. Why was this working on one server and not the other?

My first step in troubleshooting this issue was to try to explicitly define the page I was trying to use. Instead of simply going to the site, I went to thesite/default.aspx and tested again. This time, the login worked as it should.

Obviously, an easy work-around for this problem would be to set up a redirect to simply forward any attempt at access “/” to “/default.aspx”. However, going back to the developers and politely asking them to change their code because our server was doing something funny is exactly a habit I intend to get into.

Researching this problem was, as it turns out, incredibly difficult. It seemed that almost nobody had an issue like this before… and the fact that it was working on the development box, but not on our brand new production server only added fuel to the frustrating fire. What were we doing wrong? I was concerned that this would reflect negatively on our business.

Finally, after working with the developers, more details were revealed that would finally lead us to the resolution. The site utilizes Response.Redirects in the Site.Master to point all POST forms, etc… directly back to the page. Because this code was required for every page (not just the default page), the action could not be specifically defined to point to default.aspx.

This revelation would lead us to a forum discussion concerning a similar problem involving AJAX. While the details were not exactly the same, it did point us in the right direction. The Response.Redirects were involved in the problem, and the solution for most people was to remove the wildcard (Static File, etc…) handlers for the Handler Mappings. After some trial and error, we finally discovered that by removing the ExtensionURLHandler mappings the login functionality would work as it should.

It seems that by doing this, we were forcing IIS to dig a little deeper to find what it was supposed to be doing with the POST information it was receiving.

Hooray! The problem was solved.

Last night, however, I couldn’t sleep. It was driving me mad. Why was our server different from the development server? I can’t live with an “I dunno… but it works now, hurr” type of answer to this problem. Fortunately, armed with the latest knowledge of how we fixed the problem, I was able to more accurately research the issue.

Finally, I discovered the following blog article: http://www.shanmcarthur.net/Default.aspx?DN=7d0cd525-bbc5-46c3-8096-95f93827aeea

This new personal hero of mine spelled out exactly the problem we were having and why. As it turns out, the development server did not have Service Pack 1 for 2008 R2… and our’s did.

It was that simple…
and now that the feeling of “I’m so stupid… why didn’t I catch that” has subsided, I am just completely stoked that this is no longer a mystery issue and I’ll get some sleep tonight.

It seems like a pretty logical move on their part. Moving to the cloud is the big thing these days. Why, just the simple mention of the word “cloud” in this blog is sure to pull in a few extra page hits. However, it’s not just something you can dive into with a ripped wet suit, one flipper, and a faulty air tank and expect to be taken as a serious scuba diver.

Safety First: Always use Earthlink Cloud in your basement or storm cellar.

Unfortunately, it seems that Earthlink has done just that. Earthlink Cloud has recently become my go-to example for a bad hosting provider. It would appear that they have the best intentions, with competent engineers trying to make sure everything is running correctly, but a few rungs above those engineers on the corporate ladder there sits someone who is just a little too impatient to get this product out the door and make some money. When I think of a cloud, I want to think about a nice fluffy cloud where all my data is stored guarded by fat little baby angels with tiny golden harps. Earthlink’s cloud looks more like a scary cloud that keeps threatening to turn left and take out half of Florida.

Over the past week we worked on a project to migrate a client (WordPress site and e-mail) off of a Media Temple server (who we love and gleefully support) and over to the Earthlink Cloud. In theory, this is a pretty simple project consisting of 4 main phases: install WordPress and migrate custom theme, migrate database, migrate e-mail, and switch over DNS. I won’t bore you with the specifics of this adventure but here are a few fun points:

• The IP address listed in the Cpanel under “Shared IP address” is an internal 10.* IP address. I’m not really sure what the point of showing this is… but I wasn’t able to find the external IP address to use for testing (or for DNS entries later in the process) and had to finally call Earthlink Support to find out what it was.
• The email is hosted on a separate server. Which is fine if only they had listed that somewhere in the documentation… or given us any information at all on where that was. Again, we have to call to get the mail server information.
• The web-mail links that actually are provided point to the wrong server.
• Mail login credentials were not provided and we had to be given them, via e-mail, by customer support.
• If you’d like to solve problems on your own without having to contact customer support, you’ll be happy to know that the “KnowledgeBase” consists of 9 articles; almost none of them useful, unless you’re looking for how to connect your mail client to the mail server you don’t know about.
• Even though their Cpanel shows the link to do a quick one click install of WordPress, it doesn’t actually work and you’ll have to manually install it.
• If you’d like to test your site before you change the DNS entries you’ll have to edit your host file on your machine to access the server, because, as far as I can tell, they do not tell you how to access the site without it.
• The user interface of the “Client Area” of their site is horrible. Things you are looking for are very difficult to find and there are even buttons that literally have no text on them. (turns out they’re used to access Cpanel and wrongWebmail)
  

  Except for the pixelation, this is unedited.

• Finally, their DNS system is a complete mess that requires a full paragraph… or two.

This client was supposed to be fully migrated to the new server on Friday night so that they could get all of the kinks out of their new mail system over the weekend and be ready to roll again come Monday morning. The Earthlink Cloud DNS mess, however, has had us in a holding pattern since Friday night. The DNS control is made available via Earthlink’s “Client Area” under “My Domains”. Now, if you are migrating a company’s DNS settings from one server to another, ideally what you’d like to do is enter in all of the settings before you switch over the name server records at your domain registrar. With Earthlink, you don’t have to worry about having to do all that tedious testing… because you can’t. Earthlink’s domain control will not let you create any DNS records until you’ve pointed the name servers to the Earthlink Cloud’s name server. So, if you’re hoping for no downtime during this transfer, type fast and don’t make any typos. Also, while you’re at it, just don’t make the transfer at all because it won’t work. Add a record, and it doesn’t show up. That’s right, once you have pointed the domain to Earthlink’s name servers you still can’t make any DNS entries because the service does not actually work. Congratulations, your domain is now pointed to an empty name server.

After quickly pointing the domain back to Media Temple so that the site wouldn’t go down we submitted a ticket with Earthlink (since we had now been working on this project past their call center’s hours) describing our DNS woes. The next day (Saturday) they replied, requesting the DNS records we were trying to enter and they would enter them manually. We provided the records, on Saturday, and then heard nothing back… on Saturday… or Sunday… Finally, today we requested the status of our ticket and they replied by requesting the username and password of the Earthlink account we were using.

You know those security warnings you get from companies where they inform you that they will never ask for your username and password so never give it out to someone claiming to be from said company? Well, they did just that, over a plain text e-mail, mind you.

So here we are. We’ve spent 3 times as long working on this as we thought we would need to, and we’re still not done.

And to the person two or three rungs above the engineers on the ladder I say this: too much, too soon. You’re not ready for your own big boy cloud yet. I’m sure you’ve got the technology and the infrastructure in place to provide a wonderful service, but right now you provide something that doesn’t even scratch mediocre. By pushing your cloud out to the world too early you appear unprofessional and are permanently damaging your business name, and I, for one, can not recommend your service to anyone, regardless of how much money you may save them.

Due to most of my Information Technology experience involving servers and network infrastructure, I’ve always viewed my desktop machine as simply a means to do the things I really need to do. As such, my desktop always ended up cluttered, unorganized, and an embarrassment if I ever needed to show someone my computer.

Recently, however, I had to rebuild my laptop and decided that this would no longer be the case. I wanted to have a desktop that, when people saw it, got the reaction that I didn’t just know what I was doing… I loved working on computers. I didn’t just want it to be aesthetically pleasing; I wanted it to be useful, with all of my regularly used programs and system information in plain view, but in a clean, minimalist setup.

This is the result:

Now, anyone familiar with desktop customization will immediately recognize several of the pieces of this puzzle. Here’s the breakdown and then I’ll get to the How To / Description:

Summary:

HUD/Desktop: Rainmeter
Theme: Enigma
Big Clock: Arcs

Windows Theme:  Soft7 2.0
Windows Orb: Win8 Orb ‘black edition’ (small arrow)

Desktop Background:  Moraine Lake

The Breakdown:

Now, this is my first attempt at customization with Windows 7. Way back when I was a wee-little-geek with hours to kill in my Air Force barracks I used to tweak and mess around with customization for Windows XP… but this is a whole new game. So, as I stated before, anyone familiar with desktop customization will notice that I haven’t really gone into too much customization so much as I just found some commonly used themes and styles and adjusted them to my liking. For example, if you look at the picture on the Enigma page (link) you’ll see that it looks very similar.

However, I’d like to think that this is just the start. The more and more I mess around with it, the more ideas I get on other changes I can make.

Rainmeter:

The first thing I did was download and install Rainmeter. This little tool provides the means for all those neat things you see above my taskbar where your desktop icons normally are. It allows you to see system information (like you see in the lower left of my screenshot) and basically gives the framework for an infinite number of possibilities for displaying information right on your desktop. By default, Rainmeter comes with a simple theme that is meant to show you the things that you can customize, etc… but, you can do some searching around and find a pre-built theme that you like. That’s how I stumbled across Enigma.

Enigma:

Enigma is one of the most popular themes for Rainmeter, not just because it looks super cool without even much tweaking, but because it comes with a ton of skins (all the little apps and things you see) all completely customizable, with multiple different styles for each skin, and, if you really want to dig into it, excellent documentation on how to make changes to their .ini files. Provided you have Rainmeter installed, installing Enigma is incredibly simple. Then it’s just a matter of switching your theme over to Enigma and get tweaking.

Arcs:

Now, the first thing I noticed was when looking at the Enigma screenshot was that big clock thing in the middle. That thing is awesome looking, and I wanted it. I dug and dug through the Enigma skins but just couldn’t find it. Finally, after some quick Google searching I was able to find what I was looking for. It’s called Arcs and was created by the same brilliant designer that made the Enigma theme. As with Enigma, the install for this is incredibly simple, provided that you have Rainmeter installed. Then all you have to do is add the skin to your desktop and bam, you’ve got that really cool clock (which is actually way more than just a clock, each one of the those arcs is actually displaying system information, the skin comes with a legend to explain it all). Now that my desktop was looking spiffy, it was time to do something about that awful looking taskbar.

Soft7 2.0:

Anyone familiar with customization in Windows XP remembers that you used to be able to install custom themes (known as XPthemes), and with a little hacking you could even install themes that weren’t provided by Microsoft. Well, with Windows Vista and 7 you can still do that… but it takes a little more hacking trickery. Please keep in mind that this is not for the computer timid and requires a little risk taking. As such, the Soft7 2.0 page has a tutorial on what you’ll need to do to install custom themes for Windows 7, and that’s where I’m going to leave it. It’s not that I don’t want to explain the process here, it’s just that it would end up making this blog way longer than I’d really like it to be. So, if you’re feeling courageous, just follow the steps listed there and you’ll have the theme installed in no time (it’s really not all that hard, but I, personally, don’t want to take any responsibility if something goes wrong with your machine in the process).

There are a few other tweaks that I made after installing the theme to make it look a little more slick.

First, was adjusting the color scheme. This was a simple process using the Windows “Personalization”. Simply right click on your desktop and click “Personalize”. From there I clicked on “Window Color” at the bottom of the page, expanded “Show color mixer” and then dropped all the levels down to zero. This gave the windows and taskbar a look that blended in nicely with the Enigma theme.

Then, to make the Windows taskbar a little more subtle I switched to “Small Icons”. To do this, simply right click on the taskbar, click properties, and then, under the “Taskbar” tab, select “Use small icons” and hit “Ok”. This will reduce the size of your taskbar and make it look a lot sleaker.

However, that Windows “Orb” (formerly known as the start button) is really obnoxious looking and really clashes with the subtlety of the rest of the desktop. It was time to do something about that.

Win8 Orb ‘black edition’:

Like the Windows theme, there is no easy way to change the Windows Orb. It requires a little more hacking, but this time, fortunately, there’s a little application that can handle it for you. There’s a really simply tutorial over at How-to Geek that will walk you through the steps of changing the Windows Orb. Download the Win8 Orb ‘black edition’ and find the BMP file that you’re looking for. I chose the Small Arrow (6801.bmp so that it was flush with the bottom of the screen) because of it’s minimalist style and the Windows logo blends very nicely with the Enigma theme.

No more nasty Windows Orb! The only thing that this desktop customization needs is a really cool wallpaper.

Moraine Lake:

Nothing special about this step. Just find a wallpaper you really like and make it happen. I found Moraine Lake over at Interfacelift.com, a really cool site that can determine your desktop resolution and find ideal wallpapers.

The Future:

There are a lot of things that I’d still like to do on here.

For example, the Enigma theme comes with a really cool Music skin that can pair up with a number of different media players to allow you to control you music right from your desktop. I, personally, don’t keep much of a music collection and use streaming media like Pandora for my listening pleasure. The theme comes is compatible with OpenPandora, which is an application that’s supposed to connect to your Pandora account and play your stations. But, with Pandora’s recent move to their new HTML5 layout, OpenPandora no longer works, and, since it hasn’t been updated since ’09, it’s likely that it won’t be working anytime soon. Getting some sort of media control on my desktop is something I’d really like to figure out.

Also, before I settled on the Soft7 2.0 theme, I had wanted to get rid of the Windows taskbar and switch to a Mac OSX style “Dock” instead. Problems were rampant with this idea and I wasted probably 2 hours trying to make them work like a new taskbar. However, I haven’t completely ruled out the option of having a dock on my desktop. You’ll notice the 5 icons on the top middle of my screenshot, I’m thinking of turning that into a dock, allowing me to drag and drop application right onto there. Rocketdock is a good option for this. It’s very customizable and, with some tweaking, will blend in nicely with the Enigma theme.

Thanks!

For reading, I mean. I had a really good time diving into this and probably gave Google half of their total traffic yesterday trying to make it all work. With a little creativity, and a lot of time, there are some really awesome ways to escape from the boring, ordinary desktop.

With this is mind I wanted to start a small series of blogs that can help people understand that there are some very simple things that they can do to exponentially increase the security of their personal and business machines.

The system’s administrator account on your Windows 7 PC.

Your system’s administrator account is lord and master over your machine. It can access any file, change any setting, and has the potential to do some very very bad things. Not only that, but it can do all this without you even knowing it’s doing anything. So, knowing this leads me to my first tip which is easily the most important security tip I can ever give:

1. Do not use the administrator account as your normal user account.
The administrator account should never be used for internet browsing, email checking, or any other day-to-day tasks. By default, the first account you create when you set up a new Windows 7 machine is going to be a system administrator. Which means, unless you’ve created another account on your machine to use instead of that first account, you are currently running as the administrator. When you browse the internet, open email attachments, or even leave your administrator account logged into your machine you are opening your machine to viruses, malware, and intrusion. Viruses love your administrator account because they can install themselves, using the account you are logged in as, without you ever even knowing. Hackers love your administrator account because they can plant trojans which will allow them to access everything on your machine. So, I can not state it enough… the administrator account should only be used for administrating.

Fortunately, Windows 7 makes it very easy to create a new account and has a nice feature where, if you are logged in as a standard user but you need administrator privileges to do something, a pop-up will appear asking for the administrator password. This means that if anything ever tries to install itself, or make any changes to your computer, you will have to give it permission by entering your administrator password first. This drastically reduces the chance of unwanted malware being installed on your machine.

To create a separate, standard user account:

1. Open Control Panel
2. Under “User Accounts and Family Safety” click “Add or remove user accounts”
3. Click “Create a new account”
4. Create the new account as “Standard User”
5. *Recommended* Create a password for the new user by clicking on the user and clicking “Create a password”

Alternatively, if you’ve already been using your account for a while and like the way you have everything setup, you can create a new user to act as the administrator and then downgrade your current account to a standard user.

To downgrade a user to a standard user account (Note: you must always have an administrator account, so another account must be made administrator before you can downgrade the last administrator account to a standard account)

1. Open Control Panel
2. Under “User Accounts and Family Safety” click “Add or remove user accounts”
3. Click on the user you would like to downgrade
4. Click “Change the account type”
5. Select “Standard user” and click the Change Account Type button
6. Log off, and then back on again.

Now that you are running as a standard user you have completely the most important step to running a secure machine.

2. Make sure your administrator account has a strong password.
This is a no-brainer. After going through the steps of separating your administrator account from standard account, it would be pretty pointless to have your administrator password be your last name, or even worse, have no password at all. Now, depending on what sensitive information you are storing on your machine, your password does not necessarily need to be a random string of letters, numbers and symbols 24 characters long, but there are things that you want to avoid. Think to yourself, if I were trying to guess the password to someone’s account (not saying that you ever would) what would I guess?

• Don’t use any variation of “password”. These are pretty much the first thing anyone guesses. Just replacing a character doesn’t cut it. P@ssword, Passw0rd, Password1, AdminPass… these are all pretty standard guesses.
• Don’t use names. Truth is, a good portion of the time, someone trying to access your administrator account knows you. They’re likely to guess your name, last name, spouse’s name, children’s names, pet’s names, etc…
• Don’t use whole words. Most hacking attempts trying to crack an administrator password use libraries. Essentially, they use software to dig through a list of common words or passwords. A password of “apple” will easily be cracked by a brute force attack.
• Do use something you can easily remember. You need to avoid having to write down your password. That sticky-note on your screen is pretty easy giveaway.
• Do mix it up. Common practices are to replace letters with numbers and symbols. These are catching on and are starting to be guessed by hackers, but if you’re creative enough it will be pretty unhackable. Think along the lines of “L3tM31n!” you’ve simply replaced the vowels with numbers. Also, think outside the box with things like keyboard patterns. “!Z0m@X9n” may look like impossible to remember gibberish but if you look closely it’s actually a pattern that moves around the keyboard.

To change any user’s password:

1. Open Control Panel
2. Under “User Accounts and Family Safety” click “Add or remove user accounts”
3. Click the Account whose password you want to change
4. Click “Change the password” or “Create a password”

You administrator account is the key to your machine. Treat it as such and make sure no one can access it that isn’t supposed to.

3. Make sure your administrator account name is NOT “administrator”
This is as true for desktops as it is for servers: a secure system never has an account named “administrator” (or if it does… it has no access rights). If someone is trying to access your computer and you are using “administrator” as your administrator account, then they’ve already won half of the battle. A user account is just like a password: if you mix it up, the intruder will have to guess what that is before they can even start guessing what the password is. If your administrator account is “TacoKing” the hacker can bang away on “administrator” all day if they wanted, they’ll never get in.Avoid all variations of “administrator” as well. “admin”, “admin1″, “user”, “user1″, etc… will all be guessed by the hacker.

Fortunately, as discussed earlier, Windows 7 does not use “administrator” bydefault anymore. (Edit: Actually, it does still have an “administrator” account but it is disabled by default.) The default administrator is whatever account name you chose when first setting up the machine. However, here’s how to change the account name of any user on the machine:

1. Open Control Panel
2. Under “User Accounts and Family Safety” click “Add or remove user accounts”
3. Click the Account whose name you want to change
4. Click “Change the account name”

There you have it. In 10 minutes or less you have done more to protect against viruses, malware, and hackers than any anti-virus on the market can provide you. (You should definitely have an anti-virus too… just make sure you’ve taken care of your administrator account first.)

First is the cost.  I saved $7.50 per month when switching from BlackBerry’s BlackBerry Enterprise Server to ActiveSync, which Android uses to synch my email, calendar, and contacts with Microsoft’s Exchange email service.  For small organizations the savings per month really add up when multiple users are affected.

Second is the applications.  BlackBerry has taken a long time to get to where iPhone and Android are with their applications and they are still not there in terms of he quantity of applications available.  Not to mention that the touch-screen interface of both the iPhone and Android devices makes the use of the applications much more friendly to use.

Finally, social media.  Both the iPhone and Android have raced to the forefront of the social media realm focusing on capturing your everyday user where BlackBerry was traditionally focused on the corporate user.  This has lead to more and more users adopting Android and iPhones in their personal lives to take advantage of the Twitter, Facebook, and other apps and then falling in love with the other features of the phones.  BlackBerry has these apps but, in my experience, they do not work as well.

It is going to be interesting to see what BlacBerry does to compete with the makers of Android devices and Apple with the iPhone…I, for one, would like to see more touch screens.

TJS

Please make sure to check out our current offers that are going on.  We look forward to hearing from you.