Are you looking for some good stuff to put in your family’s Christmas stockings this year? Maybe a new phone, a controller for your gaming console, why not a brand new debugging tool:) Jokes aside, I get peppered with questions about Debug Diag and if there is a new version coming that will support Windows 7 / Windows 2008 and luckily some of my EE colleagues have been and are still working hard at making this happen. While it is not available for public download yet at the MS download site, Beta 1 of Debug Diag has been released and is ready for use.  The main new stuff in Beta 1 is that it now supports the aforementioned Windows 7 and 2008, and if you need it right now, you can send an email to dbgdiag (at) microsoft.com, or if you have...

When trying to backup my machine onto a USB drive, a few weeks ago I have been starting to get a very unhelpful 0x81000037 error. Of course, the first thing I did was to bing it but I didn’t like what I found. There is a “How to troubleshoot Windows Backup and Restore issues when a reparse point folder or its subfolder is added to a user library in Windows 7” KB article that unfortunately does not live up to its title. It does some hand waving around “reparse points” but does not even bother to explain what a reparse point is, let alone how to discover and remove them. Other links I found were from distressed users hitting the problem and having no clue how to solve it. Responses from support have been equally unhelpful and full of jargon as...

This is an issue that I often get questions around and we often have cases where we have to re-capture memory dumps because the memory dumps were captured the “wrong” way. The short story is: If you are executing a 32-bit process on a 64-bit machine, (which is the default case for IIS on x64 machines for example) you need to capture the dump with a tool that allows you to create 32-bit dumps. How do you know if your process is 32-bit? If you are on a 64-bit machine, you can check task manager to see what architecture your process is using. Processes with *32 are 32-bit and the rest are 64-bit so in the example above we can see that for example w3wp.exe is executing 32-bit code. Why is it important to capture them with the right tools...

This morning Microsoft released a security update that addresses the ASP.NET Security Vulnerability that I’ve blogged about this past week.  We recommend installing it as soon as possible on your web-servers. Common Questions/Answers Below are some answers to a few common questions people have asked: Do the updates require me to change any code? No. The update should not require any code or configuration change to your existing ASP.NET applications. Will I still need to use the workarounds after I install the update? No. The update removes the need to use the security workarounds we’ve published this past week.  Those were temporary steps that could be taken to protect yourself before the update was released.  After you’ve installed...

An hour ago Microsoft released an advance notification security bulletin announcing that we are releasing an out-of-band security update to address the ASP.NET Security Vulnerability that I’ve blogged about this past week.  The security update is fully tested, and is scheduled for release tomorrow - Tuesday September 28th – at approximately 10:00 AM PDT.  The advance notice bulletin is intended to ensure administrators know it is coming, and are better prepared to apply it once the update is available. We’ll release the update tomorrow via the Microsoft Download Center (I’ll blog links to the individual downloads for each version of .NET).  We will then release the update via Windows Update and the Windows Server Update Service...

By now, you’re probably aware of a serious ASP.NET Vulnerability going around. The ASP.NET team has been working around the clock to address this. Quite literally as last weekend, I came in twice over the weekend (to work on something unrelated) to find people working to address the exploit. Recently, Scott Guthrie posted a follow-up blog post with an additional recommended mitigation you should apply to your servers. I’ve seen a lot of questions about these mitigations, as well as a lot of bad advice. The best advice I’ve seen is this - if you’re running an ASP.NET application, follow the advice in Scott’s blog to the letter. Better to assume your site is vulnerable than to second-guess the mitigation. In the follow-up post, Scott recommends...

Earlier this week I posted about an ASP.NET Vulnerability , and followed this up with another blog post that covers some Frequently Asked Questions about it. We are actively working on releasing a security update that fix the issues, and our teams have been working around the clock to develop and test a fix that is ready for broad distribution across all Windows platforms via Windows Update.  I’ll post details about this once it is available. Revised Workaround and Additional URLScan Step In my first blog post I covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it.  Today, we are revising it to include an additional defensive measure. This additional step can be done...

When you’re working on a web project, there are times you wish you could have captured all of the stuff you’re working on often and then re-use it later on, similar to code snippet. For example, if you work with JaveScript, HTML5 a lot, you would want to be able to create a new web project that already has a predefined set of jQuery library, or add a new page that already has references to the new HTML5 doctype and the jQuery libary, so you don’t have to constantly modify the page to add those in. You can achieve this by creating your own Item Template and Project Template. Recently, Rey Bango has posted a nice blog about this topic at How to Create HTML5 Website and Page Templates for Visual Studio 2010 . Joe Cartano also had a blog about it...

If you haven’t installed the Visual Studio Mobile tools for building Win7 applications I would highly recommend you do so now via one of the following links: Main Site: http://developer.windowsphone.com/ FWLINK: Windows Phone Developer Tools The release notes can be found here: Release Notes Programming Resources: http://charlespetzold.com/phone/index.html Channel 9 Training: http://channel9.msdn.com/learn/courses/WP7TrainingKit/ Windows Phone Developer Forums: http://social.msdn.microsoft.com/Forums/en-US/windowsphone7series XNA Creators Club: http://creators.xna.com/en-US/ Pre-Requites: Uninstall any non-RTM versions of VS 2010. Thanks, –Mike Read More...

Recently I was having a conversation with one of Web Deploy (MSDeploy) users and an interesting scenario came up.  He essentially wanted to move his site from IIS 6.0 to IIS 7 and wanted to consider Web Deploy to do this.  In addition he actually was fine with just xCopy-ing the site’s content from IIS6 server to IIS7 server as it was almost 6GB+ in size and trying to create a zip package for it was not most the optimal way of using resources, nevertheless creating a zip package using Web Deploy for just the IIS configuration is what was certainly desirable due to ease of portability & use. I thought this would be a good opportunity to write a quick note to share with you that migration from IIS 6 to IIS 7 was one of the original...