Blog du Tristank

Migrating to https://blog.tristank.com/ . And still so terrific that 3 of 4 readers rated it "soporific"

A weekend’s worth of tips in the Windows 8 Consumer Preview

Just some notes recording what I’ve picked up from a couple of days using the Windows 8 Consumer Preview on my main desktops:   The hit target for the Start button is the very bottom left corner – like, the four pixels in that region. Just slam the mouse there and click – when you… Read more

RemoteFX (with Hyper-V) is a serious business tool. For games.

The Setup My downstairs PC (on the dining room table) is an HP Touchsmart all-in-one Core 2 Duo Intel Integrated Graphics 965-based box, which makes it absolutely abominable for games. Upstairs, my internet connection plugs into my Hyper-V host (actually, a TMG instance on it), and I’ve a sort-of-gaming PC set up next to that,… Read more

Important Kerberos-related hotfix for IIS 7.5

Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2http://support.microsoft.com/default.aspx?scid=kb;en-US;2545850 Essentially, if the computer acount password changes, AppPoolIdentities might be unable to perform Kerberos authentication thereafter (if IIS is restarted as well).  … Read more

IE10 Compat Inspector

There’s an very handy-looking new tool that can be used to quickly determine a site’s compatibility with IE10. I set it up with Fiddler on one of my machines, and can now enable a pop-up item in Fiddler under the Rules menu. I wasn’t familiar with Fiddler’s rules engine before… more investigation is needed!… Read more

IUSR vs Application Pool Identity – Why use either?

(pasted from my email clippings. I’m on holiday right now, catching up on paperwork!) The TLDR version is: using AppPoolIdentity as both the App Pool Account and Anonymous user account lets you have multiple isolated anonymous websites on one box. IIS 7.x and upwards (as of Win2008 R2 and Windows 2008 SP2, also in IIS 8.x in Windows Server… Read more

Configuring Kerberos for SharePoint farms – a generic gotchas list

Recently, I worked on a Kerberos configuration issue with a customer; these are my notes from the visit. You’ll see some common themes with Kerbie Goes Bananas, and it puts much of that into practice. Speaking of, I must redo Kerbie with SetSPN -S  (shameface)   1. DNS should use an A record to refer… Read more

TMG SP2 now out there

There I was, blathering away about Kerberos and SetSPN and sleeping – sleeping! – while the long-awaited-but-unnanounced TMG SP2 was released. And announced, I guess. The documentation’s still being updated (the release notes haven’t made it up yet), but you can try it out from here: Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2… Read more

PSA: You really need to update your Kerberos setup documentation with SetSPN -S!

Hi! You might remember me from such posts as Kerbie Goes Bananas, and SetSPN improvements for Windows 2008. Or something. I’m here with a public service announcement! Excitement! It’s been long enough since Windows 2008 (and the downlevel release of SetSPN) that I feel comfortable respectfully asking you to please: Search and Replace SetSPN -A… Read more