Thursday, March 11, 2010

WireShark broke XP Mode

I know right now, that Ben Armstrong over at MSFT is reading this post and I have no idea what he is thinking to himself except I am sure that it is something along the line of - “no, it didn’t”  [but I made him look  ;-)  ]

And, technically, he is right, it really didn’t but the initial perception is that it did.

Okay, the background – XP Mode is the new Win7 feature which is actually the new VPC 7 (VirtualPC 7 – not VirtualPC 2007) with a pre-built Windows XP VM (that you have a legal license for as long as you run it in this intended way).

That means that there is a virtualization engine running on your system, one that interacts with your processor, one that takes RAM, and one that owns (PWNs - http://en.wikipedia.org/wiki/Pwn) your networking stack.

And it is actually some interesting side behavior that caused me installing WireShark on Win7 to break the networking in my XP Mode VM.

When an XP Mode application is closed – it really isn’t.  When an XP Mode Desktop is closed – it really isn’t.  The XP Mode operating system is simply put into a paused / saved state by VPC – kind of like hibernation.

The side effect is that the OS in the XP Mode VM is rarely rebooted or cleanly shut down (as we all know that XP likes to be).  So if things change we are in the automatic thinking of reboot.  that takes a bit more.

Anyway, back to networking and desktop virtualization engines.

What happened is that in the act of installing WireShark – I moved the networking stack away from VPC7 – thus my XP Mode VM can no longer connect through the virtual networking layer that I had it configured to use.

Yes, I installed WireShark (it added WinPCap) and I used it and went along my merry way.  All was fine until the next morning.  I maximized my XP Mode application (which was running along happily in the background the entire time, during the installation of WireShark and all) and boom, it cannot connect to its back-end server.

Hmm, I open the full XP Mode desktop – IE cannot get out either.

Well darn, I know I need to reboot my Win7 machine (I really know that is what I have to do).  But, first I try the futile hope of shutting down and restarting the XP Mode VM.  Futile yes, and a waste of my time.  The result was as expected, not networking love for my XP Mode VM.

So, I try to logon to my XP Mode VM as the local administrator – hmm… no love, I try a second time - I get an error that the system is busy with an existing Terminal Server session.  Okay, I bet it is tearing down my previous logon attempt and resetting the listener in the VM.

But, I can’t log in to the silly VM to shut it down and I need it powered off.

Time to “Disable Integration Features” – Now, I can logon as the local administrator of the XP Mode VM.

…time passes…  That was NOT fun.  I had to attempt to logon to the XP Mode VM multiple (4) times, each time I did the VM went straight into the mode of installing updates and shutting down.

Mind you, I have been working on PowerShell and WSMAN for the past few weeks.  I have all kinds of IE Tabs and windows open, documents, PowerShell Plus, etc.  I really don’t want to reboot – but I run Visual Studio in my XP Mode VM (I hate all the baggage that Visual Studio installs in my client – not good for testing).

In the end, yes the reboot of the entire system solved the problem.

The moral of the story – If you have a virtualization engine and you mess with the networking stack, plan to reboot, you will be broken until you do.

Tuesday, March 9, 2010

Just because you can - should you?

This is a question that all administrators must ask themselves at any point in time.

I have know quite a few very creative IT folks in my time, and we can all come up with very clever ideas, combinations, and adaptations of technologies.

Part of my role is to question why.  It is actually part of my job.

I frequently come across things I read by folks and I just think to myself, why the heck would you do _that_?  Just because you can? 

When I worked as an administrator I quickly learned the user dictum:  “Because they can, they will”

Yes, this is generally said in a demeaning way, referring to users, when administrators talk to each other, to their managers, or to folks that write software.

I still say this over and over to the developers I work with.  Generally framed with a statement like:  “If you don’t want them to do that..” or “Of course I entered 300 characters into that field” or “there was no error checking to stop me”.

Think about that as you apply technology or attempt to break technology.  It is all about the intent.

Are you intending to break it?  Do you just not know any better / or not understand it?

If you don’t understand it, then read and ask questions.

As a person who tests software – I absolutely say, yes do it.  But do it in a controlled and smart way.  Pay attention to the entire environment, not just the buttons you are clicking on.

It is usually the greater environment where the real bug exists.