T2A4D (Coincidentally What I Would Name A Droid, If I Had One)

Not another post about Kerberos!  Sorry folks, my Momma said ‘stick with what you’re good with’.   And since playing Halo 3 is not a paying job I’m doing another blog post on Kerberos.    I thought this would be a good one to post since how this works can save people a lot of time,… Read more

2008 Certificate Web Enrollment Pages for Download

  There’s be a lot of demand for the web enrollment pages from Server 2008.   For those that have contacted me directly I apologize for the trouble I’ve had getting back to everyone on these.  I also know that it some people expressed frustration over having to contact Microsoft Customer Services and Support for these… Read more


For Customer Services and Support division employees at Microsoft it’s inevitable that, if you talk directly to customers at all, you will be asked whether you are certified.  I’ve even heard our customers ask development folks (aka programmers) that question in the past.  The question was followed by a pause as the programmer silently had… Read more

Server 2008 and Windows Vista: Encryption Better Together

A while back I did a blog post about some problems that were seen with people testing Windows Vista and then “rolling back” to Windows XP and some problems that could be seen when using the same computer object (also known as account) in AD.  If you didn’t get a chance to read it here’s… Read more

Kerberos Constrained Delegation, FE and BE Servers Must Be In Same Domain

This has come up several times, and I suspect will continue to do so occasionally.   So I thought I’d post about this real quick in order to get the word out and also make sure that I don’t give the wrong answer on this to someone again (I forgot, gave the wrong answer to someone… Read more

All The Logging In The World

There’s normal troubleshooting and then there’s the stuff you do when the basic troubleshooting doesn’t get things resolved.  Normal troubleshooting can be things like selecting “last known good” on a reboot after installing a new driver and having a blue screen.  Or perhaps uninstalling and then reinstalling an application, or altering settings for the application… Read more

Lingering Objects, Like Weekend Guests Who Won’t Leave, But for AD

It struck me the other day what a statistical improbability it was that I haven’t really talked much about lingering object problems in AD yet in this blog.  They are one hot topic to support people, even if they are not our most common problem.  The hot topic part comes from the epic pain in… Read more

Must Read: Daylight Savings Time (DST) Update

We had enough folks have trouble with this earlier this year that I wanted to take a moment to talk about Daylight Savings Time (DST).  We’re about to have time changes in some regions so this is a hot topic right now for many people.   Your first question should be “How does this affect… Read more

How To Disallow NTLM Authentication on a Per Resource Basis

One of the most exciting and fulfilling things that I get out of my job is the opportunity to resolve unique customer concerns and scenarios.  I’ve said this before in prior blog posts, but this one in particular, I think, will illustrate that.   One of my colleagues was working an issue where his customer… Read more

Tracking User Environment Creation

In my soliloquy of AD logon you heard some broad generalities intended to give a general understanding of the intended design and how it all fits together.  In this post I hope to give you a more detailed idea of how it works.   How to enable user environment debug logging in retail builds of… Read more