Amazing!
Admins, myself included, have worried about the machine SID for years and years. Way back it was ghosting, now it’s with virtualization. We made sure to create a new SID after creating servers from server images.
It turns out that this has been a non-issue all of this time, a non-issue that everyone, Microsoft, Mark Russinovich and administrators all over bought into for over a dozen years.
A few weeks back I heard rumor that Mark Russinovich was going to expire NewSID. I figured it was because there were just too many SID references to keep track of that he wasn’t going to maintain that tool forever. It turns out that it’s for a completely different reason.
The machine SID does not have to be unique for security reasons, and Microsoft applications don’t depend on it in their usage. Mark’s blog post here covers all of the details:
http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx
However, it’s important to note the difference between machine SIDs and domain SIDs. Additionally the machine name must be different, and the domain controllers themselves can’t have the same SID as any member servers.
I am watching this thread with interest because situations do arise where people run into issues with WSUS and other tools where generating a new SID resolves their issues. However Mark’s comments suggest that it’s related to the domain SID or the domain controller having the same SID as the members.
If, after some burn-in time, this is confirmed to be the case, it will save a lot of work that administrators spend considerable time worrying about . . . apparently needlessly.
Read the post, it covers it in great details.
The final release of the Web Deployment Tool (aka Web Deploy or MsDeploy) has been released to the web. This is likely more significant than many people realize.
At first glance, Web Deploy seems like a tool for system administrators to copy sites and settings between servers (IIS6 to IIS6, IIS6 to IIS7 and IIS7 to IIS7). It does do that, including SSL, COM, GAC, ACLs, registry, content and more.
However, Web Deploy is likely to become a major deployment method for developers too. Visual Studio 2010 will have native support for Web Deploy, offering the ability to deploy a entire website with the single-click feature of VS2010. What’s also impressive is that it’s so lightening fast. Only the file changes are copied to the server rather than an entire push like you would normally see with FTP. Furthermore, everything is over SSL, making it a highly secure technology.
It doesn’t stop there. Web Deploy extends IIS and addresses some of the common limitations of remote delegated management in IIS. With the Web Deployment Tool properly configured by a web host or system administrator, it’s possible to mark folders as applications with IIS Manager and even recycle, stop or start app pools.
At ORCS Web, we’ve installed this on all of our IIS7 Shared Server solutions so that our customers can enjoy Web Deploy. Until Visual Studio 2010 comes out, IIS 7 Manager is the best tool to leverage Web Deploy features.
Taking Web Deploy for a Spin
To try it out you’ll need a web host or server that supports the Web Deployment Tool. Using the information provided by your server administrator (or web host), connect remotely to IIS 7 using IIS Manager.
Once connected, you will likely get prompted to install some add-ons. Confirm that you want them and approve the install. Don’t let the install fool you. You *must* still install Web Deploy separately since the IIS Manager install doesn’t include everything necessary. Go to the Web Deployment Tool page and download the Web Deployment Tool and install on your local computer. Only the UI components are necessary on the client side. When completed make sure to restart IIS Manager.
Recycling and managing Application Pools
Once you’ve connected and have the Web Deployment Tool installed, you can start to manage your website through IIS Manager in ways not previously possible.
Clicking on “Recycle…” will give another screen allowing you to choose between 4 options:
Hopefully your host or system administrator makes sure that you aren’t sharing the app pool with any other sites, otherwise you will indirectly impact them. Note that these features are only available if your host or administrator supports them. At ORCS Web, we support all features shown in the blog post.
Marking/Setting and Removing Applications
Notice that you can also delete an Application and Content, or if you right-click on a normal folder, you can convert it to an application, as shown in the following image:
Deploying Website
The actual copy features of the Web Deployment Tool aren’t quite as easy, but they aren’t too bad when you understand the concepts. The power of the Web Deployment Tool will make much more sense with Visual Studio 2010, but I’ll detail here how to deploy your website using IIS Manager and the Web Deployment Tool.
First, you need to “export” whatever site you want to deploy, then you “import” it where you want to deploy it to.
To export your site, right-click on the root of the site or any application and select Deploy –> Export Application. You cannot export a normal folder without first converting to an application. The export step is likely your local site that you want to deploy to the web.
Follow the wizard and make any changes that you need. There are a number of changes and customizations that you can do, although it’s likely that not all of them will be supported by your web host or server administrator.
Press Next –> Next. When you’re prompted for the filename, save to somewhere on your computer and give it a .zip extension. For example c:\MySite.zip.
Now you have a bundled package of your site which the Web Deployment Tool will use on the Import step.
After you’ve created the package, select the destination, which is likely the site or vdir on the remote web server. By now, you know the drill. Right-click –> Deploy –> Import Application. Select the file that you just saved to your local computer.
Press Next and you’ll be presented with a similar screen to what you received during the export. You can edit this for your particular deployment.
Press Next and you’ll be given a choice of the subfolder that you will create during this deployment.
After pressing Next, your site will be deployed to the server. If you have a large site, only changed will be copied to the server on subsequent deployments.
I expect that the Web Deployment Tool will be used a lot more in months to come. The tool itself works behind the scenes but it will be leveraged from tools like IIS Manager, Visual Studio and likely many more in the coming days. Keep an eye on this tool since we may see more of it.
Sometimes it’s necessary to find out host machine information from a particular guest virtual machine.
With Hyper-V Integration Services installed, the following registry key contains information about the Host server:
HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters
Some keys of interest are:
- HostName
- PhysicalHostName
- PhysicalHostNameFullyQualified
- VirtualMachineName
- Plus a number of settings about the Host Server’s version
This is maintained in real-time. For example, if you rename the virtual machine name in Hyper-V, VirtualMachineName is immediately updated in the guest server, assuming that it’s running. And, even if it’s not running at the time that you rename the server in the host, it will be reflected when powering on the VM or restoring from a saved state.
Keyboard shortcuts can be huge time savers, so I’ve been pleased to see the many additional shortcuts and mouse movements supported with Windows 7.
This is a quick blog post on a couple favorites of mine.
- When you have a program already opened on the taskbar and you want to open a new instance of that program rather than displaying the already opened instance, Shift-Click. This will start a new instance. I use it all the time for applications like Chrome and Notepad.
- Use the Windows key plus a number to open a program. For example, I have Chrome as my 2nd icon so Win-2 will always open Chrome.
- If you want to open a new instance using your keyboard use Shift-Win-2.
- Be sure to pin your favorite icons to the Task Bar, and your secondary icons to the top of the Start menu.
Here are some links to more good shortcuts:
http://windows7news.com/2009/03/22/master-list-of-windows-7-keyboard-shortcuts/
http://lifehacker.com/5132073/the-best-new-windows-7-keyboard-shortcuts (includes video)
I recently upgraded my home Windows Server 2008 Domain Controller to R2. The upgrade process itself wasn’t too much work but was a bit more than ‘next, next, finish’ because the AD schema needed to be updated and the installer required that WSUS be uninstalled first. But, those weren’t a big deal.
However, after the install, I got the strangest behavior. Visiting some websites like www.microsoft.com, www.bing.com, www.windowsupdate.com and a number of other Microsoft websites didn’t work. However, other websites worked perfectly. In fact, www.google.com still worked. It’s almost as if Microsoft decided they didn’t want to grow their search engine market share anymore and would start blocking their visitors. :)
What made it even more confusing was that if I viewed the errors in my browser, it timed out and gave a DNS error. However, if I pinged the DNS name, it worked.
(feel free to skip to the bottom for the fix if you don’t want to read the details)
I did some searching and didn’t find an answer (although now that I know what search terms to look for, I see that others have run into this now). I tried all the basic troubleshooting methods to no avail.
I skimmed some R2 release notes I found and I saw that there were EDns (EDNS0) changes with R2 but it was pretty vague. EDns is a relatively new DNS protocol extension that is still coming of age. Later I realized that I was on to something here.
I realized that I would need to fire up Network Monitor to get the story. After running Network Monitor, an issue was immediately apparent as seen from the following screen shot snippet:
First, I wondered why my search for bing.com returned search.ms.com.edgesuite.net. The answer to that wasn’t hard to find. Those are the DNS names of the Akamai CDN which Microsoft uses for a lot of their sites. The real issue there is the “Response – Format error”.
I looked at the request and the results for a while and it seemed straight forward, so I did a network trace on a working server and found that R2 added some extra information. Notice the bottom line of the following image with the “AdditionalRecord: of type OPT on class Unknown DNSClass”. The network trace on the working server didn’t have that.
So, I knew at this point that R2 was adding something that the Akamai DNS servers didn’t like. I did a search for OPT and discovered that OPT is used in EDns. I found a registry setting called EnableEDNSProbes which disables EDNS when set to 0. After setting that and restarting the DNS Server service, everything worked perfectly. I set it back again and it stopped working, so I knew I had narrowed it down.
While searching for information on EDns, I discovered that some DNS servers will attempt to make a EDNS probe, and if it fails then it will try again with a plain query. That allows it to always work regardless of the support of the other DNS servers. However, after testing I found that Microsoft DNS doesn’t do that. EDNS can either be ‘on’ or ‘off’. Bummer, I thought that was a good idea.
Testing further I discovered that it’s not enabled by default on Windows Server 2008 RTM. I tried on another R2 server that wasn’t in production yet and confirmed that the issue appeared there too. So, the issue wasn’t that something changed with EDns, it’s simply that it was enabled in R2 for the first time.
The reason that it failed in the web browser but worked with a ping is because the browser followed a redirect and failed on the redirected address and not the original address. The ping didn’t follow the redirect so the failure never occurred.
It appears that the same issue occured when Windows Server 2003 was released: http://support.microsoft.com/kb/832223. I don't remember that occuring and being a big deal so I suspect that Microsoft must have made changes to the default with later service packs or hot fixes.
Conclusion
It appears that the Internet isn’t fully up to date and ready to use EDns quite yet. The solution for this is to disable EDns and wait another year or two until Akamai and other DNS servers catch up, or Microsoft releases a hot fix to support the failback option I mentioned above.
Note that this isn’t a problem for most Windows Server 2008 R2 member servers. It’s only a problem for DNS *servers* that do recursive lookups. i.e. likely only your domain controller will be affected if that is where your DNS Server role exists.
Fix
To disable EDns, you can do it from the command prompt, or by editing the registry.
From the command prompt, no restart of DNS is required. If from the registry, make sure to restart the DNS Server service.
Command prompt:
dnscmd /config /EnableEDNSProbes 0
No restart is needed. It takes effect immediately.
or Registry: </>
Create a DWORD called EnableEDNSProbes and set to 0 in HKLM\SYSTEM\CurrentControlSet\services\DNS\Parameters
Restart the DNS Server service for it to take effect.
Ok, the goal isn’t to learn about the mailman, but he’s going to come in handy later.
Proxy servers have been around since the early days of computing and they play a large role on the web today: sometimes obvious, sometimes not. They can be used for good or they can be used for harm, like man-in-the-middle attacks. Today I want to provide a visual representation of a reverse proxy server used for load balancing. I also want to address some concepts and potential issues and solutions that often come up with proxy based load balancing.
Definition
Proxy: Dictionary.com: “the agency, function, or power of a person authorized to act as the deputy or substitute for another.”
Proxy server: Wikipedia: In computer networks, a proxy server is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers.
Reverse Proxy: Wikipedia: A reverse proxy or surrogate is a proxy server that is installed in a server network. Typically, reverse proxies are used in front of Web servers.
The proxy server drawn out
This can be easily represented with the following diagrams. This is oversimplifying the meaning slightly, but it communicates the essence of forward and reverse proxies.
|
Proxy Server |
Reverse Proxy Server |
 |
 |
The difference between a forward and reverse proxy server is essentially where it lives and who it targets. If it’s on the perimeter of the client’s network (like a corporate network or ISP) then it’s a proxy server. If it sits in front of servers or devices on the web (like in a data center) then it’s a reverse proxy server.
Proxy servers can be used for any numbers of applications, some of them include:
Forward Proxy Server Examples
- Caching web pages to increase the perceived speed of the internet. AOL has been known over the years for their poor implementation of proxy servers for their users. Many corporate networks use proxies successfully.
- Filtering to ensure that inappropriate or unapproved content isn’t allowed to the end user. These are common in corporate environments, schools and colleges. A NetNanny-type of product functions as a proxy server/service.
Reverse Proxy Server Examples
- Caching content for performance for a web server at the data center. Speeds up a website for all users of that website.
- Load balancing a few servers to distribute load. Allows scalability or redundancy.
- Webpage treatments for client-side performance gains.
As you can see, there are many reasons for proxy servers, and they are in operation all over the web. It’s possible that a proxy server is being used for you to see this website right now.
Direct Server Return
I want to briefly mention another type of method used by some load balancers, called Direct Server Return (DSR). It’s helpful to contrast this with a Proxy Server.
|
Load Balancer using Direct Server Return |
 |
Notice that the load balancer isn’t as aggressive as the ones in the previous diagrams. It passes on the request from the client to the web server and then it minds its own business and stays out of the rest of the communication. In fact, with this solution, the web server barely even realizes that the load balancer played a role. In this role, a load balancer is not taking the role of a reverse proxy server. It does not stand in the middle for the whole process.
Additionally, even though routers and switches are middle-men between the client and server, they are not considered proxy devices either.
Reverse Proxy Servers and Load Balancers
Now on to the main points that I want to cover. Recently I’ve started to work with Microsoft’s new Application Request Routing (ARR) load balancer which I’ve been extra impressed with. I plan to post more over time on how to really leverage this as a full blown flexible, stable and scalable load balancing solution. Over the last few years I’ve been using DSR based load balancers for the most part. As a result of working with ARR, I’ve run into a few concepts and addressed a few issues that I want to cover here.
The Mailman as a Proxy
The biggest issue that comes up with proxying requests is that it’s nearly impossible for the proxy (or reverse proxy) server to stay hidden. Consider the mailman who delivers mail to your house each day. He’s not the original sender, but he’s the person that, at first glance, appears to be the sender. How many jokes are made of the mailman building a romantic relationship with the wife?
The mailman is a type of proxy. The trick is to make sure that you can tell who the original sender is, and that you don’t get confused and give the mailman credit for a letter that’s not from him. You certainly don’t want your love letters to your spouse or significant other being credited to the wrong person.
In the case of the mailman, there is some evidence of the postal system proxying the mail, in the form of markings in the top right corner. However the larger markings are the ‘return’ and ‘to’ addresses. It’s important for the receiver to understand which markings to pay attention to and which to ignore.
The Proxy Server Leaves a Mark
When a server acts as a proxy, it will change some of the request headers. In particular, the headers to watch for are:
- REMOTE_ADDR
- REMOTE_HOST
- Some proxy servers can also off-load SSL, which means that it will proxy from SSL to HTTP. In that case SERVER_PORT and some certification headers come into play.
In the case of IIS and the web server, it will try to set REMOTE_ADDR and REMOTE_HOST to the IP of the proxy server. Any code that depends on these headers will get confused. For example, if you check for blog spam by client IP, you may check REMOTE_ADDR from code. With the proxy server in-between, it will appear that all traffic comes from a single IP. Additionally the web server will log the traffic as coming from the proxy server.
To avoid this impacting affect caused by the proxy server, it’s necessary to rewrite all relevant header and log information back again so that it appears to come from the original sender. This can be done various different ways, but I’ll cover a common method, and how ARR handles this.
ARR’s Header Rewriting
With ARR, this can be handled one of four ways:
- Ignore the issue. Some people don’t have any site features that depend on knowing the client IP, and they are fine with not knowing the client IP in their site statistics.
- Update your code to use the custom headers that ARR sets, namely X-Original-URL, X-Forwarded-For, X-ARR-SSL, X-ARR-LOG-ID. This won’t address the IIS logs, but it can address everything else.
- ARR Helper. Anil Ruia, one of the primary ARR developers, has written a helper module that works in IIS7 to rewrite the relevant headers back. The ARR Helper module is not officially supported by Microsoft, but works like a charm. ARR itself will place the original client’s site in a configurable request header, which is X-Forwarded-For by default. It will also place certificate information for SSL offloading in X-ARR-SSL. On the actual web server, the ARR Helper runs silently in the background and will rewrite those headers back to REMOTE_ADDR, REMOTE_HOST, SSL and REMOTE_PORT. It will also ensure that the logs recover the original client IP. It’s installed at the server level and doesn’t have any impact on non-load balanced sites and performance overhead is negligible (for load balanced or non-load balanced). We’re running this in production at ORCS Web and are very pleased with the results. No code changes are necessary for the site owner.
- With ARR and URL Rewrite 2.0, currently in Beta, it can also do the same thing. ARR itself takes care of the writing on the ARR server, and URL Rewrite 2.0 can rewrite the X-Headers back to the appropriate locations. URL Rewrite 2.0 needs to be installed and configured on each of the web servers. Currently I’m running this in testing only since version 2.0 does not have a go-live license, but the end goal is to use URL Rewrite for the web server rewriting. While Anil’s solution works perfectly, this will be the Microsoft supported solution moving forward.
In future blog posts, I hope to dig deeper into ARR technically, but I wanted to lay the groundwork first on the concept of proxying, and what you need to consider by having a middle man between the client and web server.
At ORCS Web, we’re using System Center Configuration Manager (SCCM) with Microsoft Deployment Toolkit (MDT) and have it set to deploy new images to physical or virtual hardware.
Most everything works great, but the one thing I’ve wanted to get working is to add the Hyper-V Integration services to the Boot Image (WinPE in this case) so that 1) the regular Network Adapter (not the Legacy adapter) works and 2) there is mouse support right from the beginning. Once the boot image is created, the Hyper-V virtual machine can have the .ISO image mounted as bootable media.
Note that PXE boot with Hyper-V still requires the legacy network adapter (as far as I’ve been able to determine anyway). The better way to go is to use bootable media that can be mounted to the VM as a virtual CD/DVD drive. I’ll set out to cover how to do that here.
The following three links got me going in the right direction. However, it appears that the vmguest.iso file changed from when they wrote their blog posts until now, so I used different files then they did:
Here are the key steps:
- Go to an existing Hyper-V VM and insert the Integration Services Setup Disk. This is easiest with a server which you have already installed the Integration Services on so that you will have your mouse for the remaining steps.
- Don’t run the installation now. Instead, use Windows Explorer and navigate to the new drive and the Support folder. There are 2 subfolders: amd64 and x86. To create your 32-bit image, use the x86 folder. To create your 64-bit image, use the amd64 folder (even if it’s Intel 64-bit). I created two folders on my SCCM server. One for x86 and one for x64.
- Simply double click on the .cab file to view the contents. The file will be named Windows6.0-HyperVIntegrationServices-x64.cab or Windows6.0-HyperVIntegrationServices-x86.cab.
- Copy the contents of that cab file to your SCCM server. I do it over a UNC network path, but you can use whatever means of copying that you prefer. You don’t need all of the files in the cab, but it’s a small cab and easiest just to copy everything over.
Note: Now that you have the drivers, add them to your boot image. You can use whatever method that you use for your boot image, but I’ll include instructions for SCCM here.
- Fire up Configuration Manager Console (ConfigMgr Console).
- Expand Site Database (your instance) / Computer Management / Operation System Deployment.
- Right-click on Drivers and click Import. The Import New Driver Wizard appears.
- In the Locate Driver step, point to the folder where you copied the cab contents to. Run this twice, once for 32-bit and once for 64-bit.
- In the next step I imported all drivers even though I only use 4 on a later step. I figured that I may use them for something else in the future. So, leave everything checked.
- Assign a category that mentions the bitness of the drivers so that you can tell the difference later.
- In the Add Driver to Packages step, create a new package or assign to an existing package.
- Don’t do anything on the Add Driver to Boot Images step since we don’t want all of the drivers assigned to the boot images. Click Next.
- Click Next to finish the Driver import.
Now that the drivers are imported into SCCM, you need to add them to your boot image
- In the Drivers section of SCCM, find and select the following drivers for either x86 or x64:
- Microsoft Virtual Machine Bus Network Adapter (for network support)
- Microsoft Virtual Machine Bus Input Device Miniport (for mouse support)
- Virtual Machine Bus (I’m not sure if this is needed, but I added it anyway)
- Right-click and click Add or Remove Drivers to Boot Images.
- Check the boot image that you want to add to and click Update distribution points when finished.
- Finally, recreate your boot media.
Now you will be able to install an OS on a Hyper-V VM using the regular network adapter and mouse support.
As a side, I hoped that I could use x64 boot media and install both x64 and x86 operating systems. That would save me from choosing between the images as long as the hardware supports x64. Unfortunately it didn’t appear to work. I ran into driver issues later in the install process. I’m not saying that someone else can’t get it figured. It may be possible to embed the x86 drivers into the x64 boot image, but I didn’t take it that far. What I did prove is that configuring the x86 and x64 images identically wouldn’t allow the x64 boot image to deploy an x86 OS.
When it comes to deploying websites, many developers and companies have unique and creative ways to handle deployment. While some have fully workable solutions, I believe that there is a lot of room for growth to bring powerful and straight forward publishing tools to the masses and to support mature publishing methods for simple and complex sites alike.
Visual Studio 2010 introduces 1-Click Publishing which, along with Web Deploy, makes some nice strides in this area.
VS 2010 supports 4 methods of publishing content. They are: MSDeploy Publish, FTP, File System, FPSE. Let’s talk briefly about each:
MSDeploy Publish: this is the subject of this blog post and will be covered in more depth below. At it’s core, MSDeploy, aka Web Deployment Tool, is a command line tool used for deploying websites and settings. It can deploy or migrate website content, website settings, ACLs, COM, GAC and registry settings. As you can assume, the administrator on the target machine can specify which settings are allowed to be pushed. This is the foundation of many impressive deployment tools that we should expect to see coming out of Microsoft in the coming months and years. Visual Studio takes away the command line complexity of MSDeploy and provides the ability to deploy with a single click.
FTP: File Transfer Protocol has been around since the early days of the internet but has always had one major shortcoming—security. There are ways to make it security using SFTP (SSH FTP), FTPS (FTP over TLS/SSL) and some other methods, but the FTP protocol at its core is a plain text protocol, including the authentication (username/password). Recently we’ve seen a lot of progress for FTPS within Microsoft so that servers and tools support it, so be sure to use a secure method of FTP whenever possible.
File System: If you are on the same network or using a VPN connection to the destination web server then you can use the File System method of publishing. This uses straight xcopy to push the content directly to the destination location.
FPSE: FrontPage Server Extensions. FPSE has 2 aspects. One is the extensions part which were introduced with the Internet was fairly young, to support things like hit counters, email components and other bots. Some developers that develop with FrontPage use these. The other aspect of FPSE is publishing. FPSE offers a secure method of publishing content to a web server. However, FPSE has been plagued with security and difficult configuration issues over the years and, to my relief, I believe it’s on the way out. However, VS 2010 still offers support for pushing with FPSE, so if your destination servers supports FPSE, you do have this publishing technology available to you.
The remainder of this blog post is a simple walkthrough on publishing using MSDeploy, which can be done over HTTPS, providing much better security than plain text FTP. The host or production servers need to support MSDeploy.
Playground
ORCS Web has worked with Microsoft to provide a testing account so that you can try out MSDeploy completely free of charge. This promotion is available for a few months starting in June 2009. Vishal Joshi has formally announced this plan also. If you want to try out the publish feature covered here, but don’t want to setup and configure a production server, sign up for one of these accounts.
Publish Web Tool (using MSDeploy Publish)
You can access the Publish Web Tool either by the top menu: Build –> Publish {project name} or from the Publish menu:
Open the Publish Web tool to get started.
The tool should look like this, but the fields will change with the different Publish Methods. We’ll just cover MSDeploy Publish here.
If you don’t have the information from your host or server admin team, make sure to obtain that now. I’ll cover the fields and what they mean here:
Profile Name: (at the top) This is the friendly name that you provide to reference your deployment profile. Visual Studio 2010 supports up to 50 profiles.
Publish Method: These are the 4 methods mentioned above: MSDeploy Publish, FTP, File System and FPSE.
Service URL: This is the MSDeploy URL that your administrator or host provides. It will be something like https://ServerNameOrIP:8172/MsDeploy.axd
Site/Application: This is the IIS site name, but it’s more than that. Within this field you can specify a sub folder(s) where your project will be deployed. Your host or administrator will likely provide the root path that you have access to, for example SiteName or SiteName/vdir. But you can optionally be more specific in the path, like so: SiteName/ProjectName. The root Site/Application name must be exactly the name of the destination IIS Site (plus optionally the application).
Mark as IIS application on destination: If you set a sub folder for the “Site/Application” field and check this checkbox, it will mark the folder as an application root when publishing. Your host/administrator must support this on the destination server.
Do not delete extra files on destination: If this is unchecked it will first delete everything from the destination folder before publishing the new content. You will likely only want this unchecked for the initial deployment and then have it checked every time after that, until you want to start fresh.
Allow Untrusted Certificate: The certificate that your host/administrator uses may be a self-signed certificate or it may be for a different name than the URL. Only check this if your host or administrator instructs.
User Name and Password: This is the username and password used to connect to IIS, likely provided by your host/administrator.
Save password: This goes without saying. It’s up to you whether you have Visual Studio save your password or not.
Once you’ve filled out the fields, you can Publish immediately or Save so that you can publish later.
If all is setup correctly, you can publish by clicking the Publish button, or from the 1-Click Publish button. The 1-Click Publish feature is literally that: after setup, when you make a change that you want to publish to the web, just click that one icon and it will take care of the deployment.
In my opinion, the most impressive feature of MSDeploy is that it only publishes the changes between the source and destination location. If you have a 2GB site but only changed 2 files, when you click Publish, it will deploy only the changes, very rapidly. Additionally, from a network and server utilization perspective, MSDeploy is much faster and efficient than IIS FTP.
Shortcoming – error reporting
The biggest shortcoming that I find is regarding the error reporting when something goes wrong. VS 2010 doesn’t expose to you very much information about the errors. Most error information is available to the host administrator on the destination server. If you receive an error that isn’t clear, double check each of the fields. The most common failure is related simply to incorrect information.
There’s more, but not here and now.
Visual Studio’s Publish feature has a lot more. The two other most significant features are the Database Publishing and MSDeploy’s Transform feature so that your web.config settings can be changed as they are published.
I’m not going to cover them here and no though, but I’ll provide some useful links below which cover all of these features in more detail.
Links.
The best walkthroughs and information on MSDeploy and Visual Studio’s 1-Click Publish feature likely comes from Vishal Joshi. He’s a program Manager with Microsoft for these technologies and is an authoritative source of information. Start with this blog post: Web 1-Click Publish with VS 2010
Brady Gaster, lead developer at ORCS Web, has also put together an excellent walkthrough on the same topic.
And of course the ORCS Web VS 2010 Beta testing account offer is a useful link.
Keep an eye open for more publishing tools and progress in the future. I believe we’re just at the beginning of great things to come.
With Microsoft Visual Studio 2010 Beta 1 released and available as a free download, we at ORCS Web have joined with Microsoft to provide a free testing account so that you can see for yourself how the Publish feature works for remote publishing.
As of today, you can setup a new account free of charge here. Note that this account is setup with ASP.NET 4.0 by default, which does not have a go-live license, so this account is for testing purposes only and cannot be used to host a production website.
Visual Studio 2010 now supports Web Deployment (MSDeploy) which is an impressive new technology from Microsoft, allowing rapid deployment of websites. It’s fully secure since it runs over SSL, and yet it’s lightening fast. It only copies the changed files and only the necessarily files, making deployment a breeze.
VS 2010 totes a single-click publish option now. Once you set it up, which is easy, you can deploy changes with one click.
I’ll follow up with a walkthrough with more information later this week, but I wanted to mention our hosting offer today. We didn’t launch on the same day as Bing on purpose, but we can pretend that it’s all part of planned launch to keep up with the hype. :)
Here’s the link to setup an account: http://www.orcsweb.com/hosting/vs2010beta.aspx
Sometimes I want to place a shortcut or file on the desktop of a server and want all users of the server to see it. By default, if you save a file or folders to the desktop, it is placed on only your desktop.
Prior to Vista/2008, you could manage this by copying or moving a file/folder directly to
C:\Documents and Settings\All Users\Desktop
On Vista and Windows Server 2008, there are some changes to the structure. You may see the Documents and Settings folder, but if you double click on it, you will likely get an Access Denied error. Have no fear, you can still access the user data. Rather than using C:\Documents and Settings, the User data is in C:\Users now. C:\Documents and Settings is now just a redirect for legacy code. Actually, it’s not always on the C drive, but it usually is. You can see where your profile is by typing the following in the command prompt:
echo %userprofile%
The other gotcha comes with trying to access the shared desktop. Previously it was in the “%userprofile%\All Users\Desktop” folder. If you try to access that folder, you will likely get an Access Denied error there too. The issue isn’t with access here either. It’s that the folder has been renamed.
Here’s the kicker. The new path to the shared desktop is now:
C:\Users\Public\Desktop
(Since shortcuts are used, it may show as C:\Users\Public\Public Desktop)
Note: It is a hidden folder, so if you haven’t already, make sure to set windows explorer to show hidden folders.
Additionally, you can redirect this folder or any of the user profile folders to another path or drive. This is easy to do. Simply right-click on the folder and select the Location tab.
That’s all there is to keep in mind. Remember the new folder name and you should be set.
More Posts
Next page »