ASUS RT-N16 router

I recently picked up an ASUS RT-N16 router.  It has a 4 port gigabit switch, 2 USB 2.0 ports and an 802.11n 2.4GHz (only!) radio.  While the radio is not ideal (there is no 5GHz), I think this is a nice upgrade to the Linksys WRT54GS v2 I've been using for the past 5-6 years.

This router runs a tomato mod, of course.  So far, things are working great.  I'll update this post if I discover any problems.  Sadly, this tomato mod doesn't contain the MLPPP modification to bypass Bell's DSL throttling in Canada.

Wireless performance

Local WLAN (ThinkPad x61 tablet with Intel 4965 abgn card) to LAN connected machine is roughly 7-9.5MB/s, up from 2.5 MB/s.  Not earth shattering, but a very nice improvement.  There's quite a bit of interference around, and since this is a 2.4GHz only radio, this is to be expected.  If only ASUS had shipped this thing with a 5GHz radio... and I had a new Intel n card =).

Notes on router hardware choices

Ideally, I'd like to find something with USB, gigabit switch, dual radios in 2.4GHz and 5GHz, while running tomato.  As I write this, I don't think there's a tomato firmware that has dual band support - yet.

I would really only consider something that runs tomato.  I've had stability problems with dd-wrt.  The Linksys WRT320N is a 2.4GHz or 5GHz (single radio, operates in either mode but not simultaneously) router, and the Linksys WRT610N has a gigabit switch as well as dual radios operating in 2.4GHz and 5GHz.  Sadly, people only seem to be running dd-wrt on these, which is a deal breaker for me.

So for now, the massive amount of RAM (128MB) and fast CPU in this ASUS router make it my replacement for my Linksys WRT54GSv2/WRT54GL.  All things considered, it's a nice upgrade as not all my machines have radios that support 3 wireless-n streams yet (like the Intel 5300).

Hardware specifications (from http://www.dd-wrt.com/wiki/index.php/Asus_RT-N16)

Stock Power Supply = 12V - 1,25A max
Ethernet Ports = WAN x 1 RJ-45 for 10/100/1000 Base T, LAN x 4 RJ-45 for 10/100/1000 Base T
Antennas = 3 x external detachable antennas
USB ports = USB2.0 x 2
WiFi Operating Frequency = 2.4GHz ~ 2.5GHz
802.11n Draft = up to 300Mbps
802.11g = 6, 9, 12, 18, 24, 36, 48, 54Mbps
802.11b = 1, 2, 5.5, 11Mbps
Unit RAM = 128 MB (2x 64Mb - Samsung K4N511163QZ-HC25)
Unit Flash = 32 Mb (MACRONIX MX29GL256EHTI2I-90Q)
Unit CPU = Broadcom4718A, 533 MHz (Factory clocked to 480MHz)
Unit Switch Chip = Broadcom BCM53115SKFBG
Color of LEDs = Blue

Firmware

I logged into the ASUS firmware, fed it the dd-wrt file below, then once that was done, upgraded to tomato.

You are able to roll back to dd-wrt, then flash the original ASUS firmware back - so there really isn't any danger here.  Give it a try and see if you like it.  For myself, USB support is nice, but stability is king.  Tomato is working well for me.

Custom settings

I made the following settings changes:

  • In Basic Wireless
    • select Wireless Mode = Auto (default setting)
    • select Channel Width = 40 MHz
    • select Security = WPA2 Personal
    • select Security = AES
  • In Advanced Wireless
    • select Transmission Rate = Auto (default setting)
    • select Country/Region = Japan (default setting to get 14 channels)
    • select WMM = Enable (not a default setting)
    • select 802.11n Preamble = Mixed Mode (default setting)
    • select transmit power = 39 mW (not a default setting, this is the same as 16dB)

 

Hyper-V Performance

I was taking a look around for some Hyper-V performance guidelines when virtualizing production workloads such as Exchange 2007/2010 on Windows Server 2008/2008 R2.

Checklist: Optimizing Performance on Hyper-V
http://msdn.microsoft.com/en-us/library/dd722835(BTS.10).aspx

Looking for that last ounce of Hyper-V performance? Then try affinitizing your VM to a NUMA node
http://blogs.msdn.com/tvoellm/archive/2008/09/28/Looking-for-that-last-once-of-performance_3F00_-Then-try-affinitizing-your-VM-to-a-NUMA-node-.aspx

Hyper-V Performance Counters - Part five of many - "Hyper-VM VM Vid Numa Node"
http://blogs.msdn.com/tvoellm/archive/2008/09/29/hyper-v-performance-counters-part-five-of-many-hyper-vm-vm-vid-numa-node.aspx

Performance and capacity requirements for Hyper-V
http://technet.microsoft.com/en-us/library/dd277865.aspx

Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments
http://technet.microsoft.com/en-us/library/cc794548.aspx

Exchange Server 2007 and Hyper-V
http://blogs.technet.com/scottschnoll/archive/2008/06/15/exchange-server-2007-and-hyper-v.aspx

Should You Virtualize Your Exchange 2007 SP1 Environment?
http://hypervoria.com/hyper-v/should-you-virtualize-your-exchange-2007-sp1-environment.aspx

Hyper-V How To
http://blogs.virtualizationadmin.com/davis/tag/hyper-v-how-to/

 

win7utils - Windows 7 ISO Disc Image Utilities

http://code.kliu.org/misc/win7utils/

Local cache:
http://justinho.com/files/uploads/eicfg_removal_utility.zip
http://justinho.com/files/uploads/windows7_iso_image_edition_switcher.zip

ei.cfg Removal Utility
Version 1.1
The ei.cfg Removal Utility is a simple tool that will remove the ei.cfg from any Windows 7 ISO disc image, thereby converting the image into a "universal disc" that will prompt the user to select an edition during setup. This tool works by toggling the deletion bit in the UDF file table, eliminating the need for unpacking and rebuilding the ISO, which means that this is extremely fast (the process of patching the ISO to remove ei.cfg takes only a fraction of a second), and the process is easily reversible (running the utility on a disc image patched by this utility will restore the disc image to its original state).

Windows 7 ISO Image Edition Switcher
Version 1.0
The Windows 7 ISO Image Edition Switcher is a set of small binary patches (and a tool to apply these patches) that will convert an official Windows 7 ISO disc image into an official Windows 7 ISO disc image of another edition. The resulting ISO images are bit-for-bit identical with those posted on MSDN or TechNet, and their SHA-1 hashes should match the official hashes posted by Microsoft.

The patches and patcher in this package can be used to convert any 32-bit image
into another 32-bit image and any 64-bit image into another 64-bit image.

For example, if you downloaded the 32-bit Ultimate ISO disc image from MSDN and
you also want a 32-bit Professional image, instead of spending another 2.3 GB of
bandwidth, you can make a copy of your Ultimate image and then patch that into a
Professional ISO disc image; the result should be exactly identical to what you
would have gotten had you downloaded the ISO image separately.

1) Run binpatch.exe
2) Select the patch for the target edition that you want
3) Select the ISO disc image that you want to convert from
4) After patching, you should verify the SHA-1 hash of the final file and
   compare that with Microsoft's official hash to verify that the patch was
   successfully completed.

Fixing old DirectX 2D Games in Windows 7 like StarCraft

Problem:
StarCraft on Windows 7 causes a complete lockup of the keyboard, mouse and video, usually around 20 minutes into the game.  Background programs (such as Skype and MSN) still work, but a hard reset is required to recover.

Workaround:
Start StarCraft with a batch file that kills Explorer before launching the game.  The contents below are for an x64 installation of Windows 7.

rem First kill Explorer.exe, which messes up our colors in StarCraft
taskkill /f /IM explorer.exe

rem Change to the StarCraft directory (/d also switches drive) to make sure we run normally!
cd /d "C:\Program Files (x86)\Starcraft"

rem Please note that /affinity 1 makes sure we only use our first core
rem Using all cores for StarCraft.exe can lead to crashes in Windows 7
rem The empty "" is the window title; without it, start treats the quoted path as the title
cmd.exe /C start "" /affinity 1 "C:\Program Files (x86)\Starcraft\StarCraft.exe"

rem Wait for the game to quit, press Enter to continue
pause

rem Restart Explorer.exe, that's it!
start explorer.exe
exit

 

Details/Source:
http://www.evga.com/forums/tm.asp?m=100847055&mpage=1&key=&#100928703
http://www.evga.com/forums/tm.asp?m=100797014&mpage=1&key=?
http://benjaminnitschke.com/2009/06/25/FixingOldDirectX2DGamesInWindows7LikeStarCraft.aspx

Converting Retail Editions to Volume Activation

Retail editions of Windows 7 Professional and Windows Server 2008 R2 can be converted to KMS clients, provided that the organization has acquired the appropriate volume licenses and conforms to the Product Use Rights. To convert Windows 7 Professional and all editions of Windows Server 2008 R2 from retail to a KMS client, skip the Product Key page during operating system installation.

(from elevated command prompt) slmgr -ipk <key>

Windows 7 Professional    FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Professional N    MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Windows 7 Enterprise    33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 7 Enterprise N   YDRBP-3D83W-TY26F-D46B2-XCKRJ 
Windows 7 Enterprise E   C29WB-22CC8-VJ326-GHFJW-H9DH4 
Windows Server 2008 R2 HPC Edition   FKJQ8-TMCVP-FRMR7-4WR42-3JCD7 
Windows Server 2008 R2 Datacenter     74YFP-3QFB3-KQT8W-PMXWJ-7M648 
Windows Server 2008 R2 Enterprise  489J6-VHDMP-X63PK-3K798-CPX3Y 
Windows Server 2008 R2 for Itanium-Based Systems    GT63C-RJFQ3-4GMB6-BRFB9-CB83V 
Windows Server 2008 R2 Standard  YC6KT-GKW9T-YTKYR-T4X34-R7VHC 
Windows Web Server 2008 R2    6TPJF-RBVHG-WBW2R-86QPH-6RTM4

Windows Vista Business   YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N    HMBQG-8H2RH-C77VX-27R82-VMQBT 
Windows Vista Enterprise    VKK3X-68KWM-X2YGT-QR4M6-4BWMV 
Windows Vista Enterprise N    VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008  Datacenter    7M67G-PC374-GR742-YH8V4-TCBY3 
Windows Server 2008 Datacenter without Hyper-V    22XQ2-VRXRG-P8D42-K34TD-G3QQC 
Windows Server 2008 for Itanium-Based Systems     4DWFP-JF3DJ-B7DTH-78FJB-PDRHK 
Windows Server 2008 Enterprise    YQGMW-MPWTJ-34KDK-48M3W-X4Q6V 
Windows Server 2008 Enterprise without Hyper-V    39BXF-X8Q23-P2WWT-38T2F-G3FPG 
Windows Server 2008 Standard  TM24T-X9RMF-VWXK6-X8JC9-BFGM2 
Windows Server 2008 Standard without Hyper-V    W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ 
Windows Web Server 2008    WYR28-R7TFJ-3X2YQ-YCY4H-M249D

Details: http://technet.microsoft.com/en-us/library/dd772269.aspx
Deployment guide: http://technet.microsoft.com/en-us/library/cc303280.aspx (Vista/2008), http://technet.microsoft.com/en-us/library/dd772269.aspx (Windows 7/2008 R2)

Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows® 7 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7.

http://www.microsoft.com/downloads/details.aspx?familyid=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en

Updating WDS WinPE image for Windows 7 Deployment

Summary:

I've updated my WDS install point with the Windows 7 RTM WinPE image and injected drivers for my machines.

Details:

I keep a directory of extracted WDS x86 drivers for all machines I have to support.  I'll keep adding drivers to this driver folder, then injecting them into a clean boot.wim file each time.  This allows me to roll back a failed injection.

  1. I downloaded the WAIK for Windows 7 RTM
    The Windows® Automated Installation Kit (AIK) for Windows® 7
    File Name: KB3AIK_EN.iso
    Version: 1.0
    Date Published: 8/6/2009
    http://www.microsoft.com/downloads/details.aspx?familyid=696DD665-9F76-4177-A811-39C26D3B3B34&displaylang=en
  2. Next, I copied the latest boot.wim from a Windows 7 RTM image into f:\temp
  3. From an elevated command prompt with the WAIK in the PATH, I ran:
    dism /mount-wim /wimfile:boot.wim /index:2 /mountdir:f:\temp\mount
    Note: index 2 is the Setup, index 1 is WinPE.
  4. Then
    dism /image:f:\temp\mount /add-driver /driver:F:\Driversx86R4 /recurse
  5. And finally:
    dism /unmount-wim /mountdir:f:\temp\mount /commit

The resultant WIM can then be added to WDS for deployment.
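
The three DISM steps above as one PowerShell script that starts from a clean copy and discards the mount if driver injection fails. This is an added example, not part of the original post; the boot.clean.wim file name is an assumption, and the other paths are the ones used in the steps.

```powershell
# Added example, not from the original post. Run from an elevated prompt with
# the WAIK tools (dism.exe) in the PATH, as in step 3.
$Clean   = 'F:\temp\boot.clean.wim'  # assumption: untouched copy of boot.wim
$Wim     = 'F:\temp\boot.wim'        # working copy that receives the drivers
$Mount   = 'F:\temp\mount'           # must be an empty directory
$Drivers = 'F:\Driversx86R4'

function Invoke-Dism {
    param([string[]]$DismArgs)
    # Send DISM's console output to the host so that the function's only
    # return value is the success flag.
    & dism.exe $DismArgs | Out-Host
    return ($LASTEXITCODE -eq 0)
}

function Add-DriversToBootWim {
    # Always start from the clean image so a bad driver set never accumulates.
    Copy-Item -Path $Clean -Destination $Wim -Force
    if (-not (Test-Path $Mount)) { New-Item -ItemType Directory -Path $Mount | Out-Null }

    # Index 2 is Setup, index 1 is WinPE (see the note in step 3).
    if (-not (Invoke-Dism '/mount-wim', "/wimfile:$Wim", '/index:2', "/mountdir:$Mount")) {
        throw "Mount failed (exit code $LASTEXITCODE); $Wim was not modified."
    }

    $injected = Invoke-Dism "/image:$Mount", '/add-driver', "/driver:$Drivers", '/recurse'
    if ($injected) {
        # List the third-party drivers now in the image before writing it back.
        Invoke-Dism "/image:$Mount", '/get-drivers' | Out-Null
        if (-not (Invoke-Dism '/unmount-wim', "/mountdir:$Mount", '/commit')) {
            throw "Commit failed; recopy $Clean before retrying."
        }
        return $true
    }

    # Injection failed: discard so the mounted changes are never written back.
    Invoke-Dism '/unmount-wim', "/mountdir:$Mount", '/discard' | Out-Null
    return $false
}

if (Add-DriversToBootWim) {
    'boot.wim updated; it can now be added to WDS.'
} else {
    'Driver injection failed; the mount was discarded and boot.wim is unchanged.'
}
```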

Docking Solutions for the Lenovo ThinkPad T400s

The T400s uses a "Series 3" dock that is not compatible with previous versions.  Specs for the 2 docks are annoying to find, and hard to compare.

Here's my summary table:

Feature | ThinkPad Mini Dock Series 3 (4337-10U) | ThinkPad Mini Dock Plus Series 3 (4338-10U)
USB Ports | 6 | 6
Video (any 2 can be used simultaneously) | VGA, DVI-D, DP | VGA, 2 x DVI-D, 2 x DP
Audio | Analog microphone in, headphone out
e-SATA storage | 0 | 1
RJ-45 Gigabit Ethernet | 1 | 1

 Both have Kensington cable locks, ship with 90w adapter, 1yr warranty.  The DVI-D ports DO NOT support the attachment of a DVI-D to VGA adapter.

Sources:

ThinkPad MiniDock Plus Series 3: http://www-307.ibm.com/pc/support/site.wss/MIGR-72873.html 

ThinkPad MiniDock Series 3: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-72871

Pioneer BDR-203BKS Bluray Burner

I burned my first BD-R today using my new Pioneer BDR-203BKS Bluray burner.  I used a Ritek BD-R single layer (25GB) at 4x.  This pulled a sustained 18MB/s across my gigabit network.  imgBurn is nice.

I was expecting the bottom (recording surface) of the discs to be blue, for some reason.

xptruss: a Windows API tracing and spying tool

http://dev.depeuter.org/xptruss.php

Linksys WMP54G with XP and Vista x64

Summary:

Linksys does not provide Vista x64 drivers for the WMP54G v4.0 and v4.1.

Drivers:

These ones work:

http://justinho.com/files/uploads/WMP54Gv41-x64.zip 
http://justinho.com/files/uploads/WMP54Gv4-x64.zip

More:

WMP54G v4.1  (this has 2 folders in it. 1 for XP and 1 for Vista)

 

Hyper-V Monitor Gadget for Windows Sidebar

Summary:

A sidebar gadget that monitors Hyper-V guests over WMI

Link:

http://mindre.net/post/Hyper-V-Monitor-Gadget-for-Windows-Sidebar.aspx

Selected PassMark CPU Benchmark scores

Source: http://www.cpubenchmark.net/

Xeon
W570  6770
X5482  5672
E5450  4968
E5440  4603
E5410   3945
E5420  3932
X5365  3294
E5405  3132
E5345  2628
X3210  2527
E3110  2332
E5320  2309
P4-2.80GHz 455

Multi Xeon
2xE5310  4040
2xE5335  4831
2xE5410  7084
2xX5492  11520
4xX7350  16715

Core2/Pentium Dual
E4500  1227
E2220  1364
E4600  1400
E6550  1406
E5200  1608
E6750  1603
E7400  1856
E8400  2146
E8500  2313
E8600  2480
Q9650  4466
Core i7965 6741

Mobile
L7500  905
T2500  950
T5600  983
T2600  1040
P8400  1562
P8600  1592
T7600  1236
T9400  1700
T9600  1820
T9800  2115
P-M1.86  461

Opteron
Opteron 148 529
Opteron 170 1003
Opteron 1216 1403
Opteron 1354 2453

Dual Opteron
2x2218  2501
2x2212  2447

Phenom
Phenom 9500 2215
Phenom 8600 1693

3ware 9650 and 9690 with Seagate ES.2 drives do not rebuild

Problem:

After flashing the Seagate ES.2 drive firmware to SN06/SN16, the 3ware card reports, "There is no response from the firmware. Please hit a key to continue."

Solution:

Don't flash your drives.  Once running this new firmware, these drives are not compatible with the 3ware card, as far as I can tell, since my drives won't rebuild now.

Discussion:

It's too late for me. I flashed the drives and now I can't rebuild the array.  The workaround discussed at 3ware [1] doesn't appear to do the trick, although it seems that my situation doesn't REALLY apply since I only have 4 ES.2 drives attached.  It still happens to me, possibly because of another cause?  At any rate, when it happens, I have to shut down the system and reseat the card then reset it.

The Seagate drive firmware is available here: http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207963.  It seems this is a known issue, as per http://3ware.com/KB/article.aspx?id=15501 .  This is also discussed here, http://3ware.com/KB/article.aspx?id=15385 .

Sources:

[1] http://3ware.com/KB/article.aspx?id=15501

[2] http://3ware.com/KB/article.aspx?id=15385

[3] http://seagate.custkb.com/seagate/crm/selfservice/search.jsp?DocId=207963

Enabling SSTP for VPN Access with Threat Management Gateway Causes HTTPS Server Publishing Failure

Scenario:

On a Windows Server 2008 machine running ISA/Threat Management Gateway Medium Business Edition, you enable the SSTP for VPN connectivity.  After a reboot, the server no longer handles server publishing on HTTPS (tcp 443) correctly.

TMG/ISA was set to publish on all IP addresses on the Internet network.

Error message:

The Web Proxy filter failed to bind its socket to <ip address> port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure. The failure is due to error: 0x8007271d

Solution:

Restarting the Firewall Service (as instructed) does restore the publishing rule, but breaks RRAS connectivity, and also requires additional steps each time the server is rebooted.  Move the SSTP publishing port to another port instead.

  1. Locate the following registry path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters
  2. Locate the entry ListenerPort, data type REG_DWORD
  3. Edit the value from 0 to 86 (decimal) to bind the SSTP service to tcp port 86 and therefore away from 443, allowing TMG to properly publish the HTTPS/SSL servers.  You can use the ListenerPort registry entry to change the server-side TCP port on which the SSTP server listens. You can set this value to any valid 16-bit port number. If the value is set to 0, the SSTP server listens on the default port number, depending on the value of the UseHTTPS registry entry. See [3] for more information about these registry settings.
  4. Reboot the server.

Discussion:

This is to be expected, since the SSTPSVC service will bind to port 443 to service the VPN requests.  Move the SSTP port publishing to another port and use TMG to (optionally) publish the port.

First, verify that the SSTP service is indeed causing the trouble.  I downloaded TCPView from SysInternals, but you can pick your own tool if you wish.  When I fired it up, it showed System (the kernel) bound to HTTPS, which prevented TMG from binding to the port to publish my SSL server.

Doing some searching, I found that netsh was used in Server 2008 to configure the kernel level socket pooling for IIS 7.0 [1].  That made sense.  At this point, I was suspecting TMG's own reporting service to be the cause, since it had installed IIS, and since I didn't remember activating SSTP on the TMG box.

So I figured I'd try to remove the entries via netsh, using show urlacl and show sslcert, then deleting the appropriate entries. 
    IP:port                 : 0.0.0.0:443
    Certificate Hash        : 47db64e8ea425333bbd7e5c847df00b3254f2d57
    Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
    Certificate Store Name  : MY
    Verify Client Certificate Revocation    : Enabled
    Verify Revocation Using Cached Client Certificate Only    : Disabled
    Usage Check    : Enabled
    Revocation Freshness Time : 0
    URL Retrieval Timeout   : 0
    Ctl Identifier          :
    Ctl Store Name          :
    DS Mapper Usage    : Disabled
    Negotiate Client Certificate    : Disabled

netsh http delete sslcert ipport=[::]:443
netsh http delete sslcert ipport=0.0.0.0:443

(I tried to delete https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ , as well.)  Upon reboot, however, I found that the urlacls were being recreated. [ http://justinho.com/files/media/image/SSL-03.png and http://justinho.com/files/media/image/SSL-04.png ]

Then I noticed this line: User: NT SERVICE\SstpSvc in the show urlacl command.  Bingo.

I immediately went to remove the SSTP role from the server.  However, I found that removing the RRAS/SSTP role and rebooting the server did not fix this; the SSTPSvc was still started, and still recreating registry entries, and binding to tcp 443.

I therefore went to configure SSTP to bind to a different port to work around this problem [2] [3].

Based on the information in [3], I opened regedit and went to this path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters and changed the ListenerPort to decimal value 86, to bind SSTP to tcp port 86 instead of 443.

From [3]: You can use the ListenerPort registry entry to change the server-side TCP port on which the SSTP server listens. You can set this value to any valid 16-bit port number. If the value is set to 0, the SSTP server listens on the default port number, depending on the value of the UseHTTPS registry entry. For example, if the UseHTTPS registry entry is set to 1, the default listener port number is 443. If the UseHTTPS registry entry is set to 0, the default listener port number is 80. The ListenerPort registry entry is typically useful in configurations where the VPN server is behind a Network Address Translation (NAT) router or behind a reverse proxy. Notice that SSTP clients always connect to the TCP 443 port. This behavior cannot be configured from the clients.

Summary: If UseHTTPS is set to 1, SSTP will listen on 443 if ListenerPort is set to 0.  Since we want TMG to listen on 443, change ListenerPort to 86 (decimal).

After binding the SSTP service to port 86, I rebooted my server, and my SSL/HTTPS sites were happily published.
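
A check for the conflict described above, as an added example that is not part of the original post: it applies the ListenerPort/UseHTTPS rule quoted from [3] and looks for an SstpSvc-owned HTTP.sys reservation on port 443. The function names and the sample netsh output are constructed for illustration, and a missing UseHTTPS value is assumed to mean 1.

```powershell
# Added example, not from the original post. Assumes PowerShell 2.0 or later.
$SstpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Sstpsvc\Parameters'

function Get-SstpEffectivePort {
    param([int]$ListenerPort, [int]$UseHttps)
    # Rule quoted from [3]: a non-zero ListenerPort wins; 0 means the default,
    # which is 443 when UseHTTPS is 1 and 80 when UseHTTPS is 0.
    if ($ListenerPort -ne 0) { return $ListenerPort }
    if ($UseHttps -eq 1) { return 443 }
    return 80
}

function Get-UrlAclOnPort {
    param([string[]]$NetshLines, [int]$Port)
    # Parse "netsh http show urlacl" text into objects for one TCP port.
    $found = @(); $current = $null
    foreach ($line in $NetshLines) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            $url = $Matches[1]; $current = $null
            if ($url -match "^https?://[^/]+:$Port/") {
                $current = New-Object PSObject -Property @{ Url = $url; Users = @() }
                $found += $current
            }
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]
        }
    }
    return $found
}

# Constructed sample of "netsh http show urlacl" output, built from the URL and
# owner quoted in the post; used only when SstpSvc is not present locally.
$Sample = @'
URL Reservations:
-----------------
    Reserved URL            : http://+:80/Temporary_Listen_Addresses/
        User: \Everyone
            Listen: Yes
    Reserved URL            : https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/
        User: NT SERVICE\SstpSvc
            Listen: Yes
'@ -split "`r?`n"

if (Test-Path $SstpKey) {
    $p = Get-ItemProperty -Path $SstpKey
    # Assumption: a missing UseHTTPS value is treated as 1 (HTTPS).
    $useHttps = if ($null -eq $p.UseHTTPS) { 1 } else { $p.UseHTTPS }
    $port  = Get-SstpEffectivePort $p.ListenerPort $useHttps
    $lines = netsh http show urlacl
} else {
    $port  = Get-SstpEffectivePort 0 1      # the state before the fix
    $lines = $Sample
}

$onPort = @(Get-UrlAclOnPort $lines 443)
$sstp   = @($onPort | Where-Object { $_.Users -match 'SstpSvc' })
"Effective SSTP listener port: $port"
foreach ($r in $onPort) { 'Reservation on 443: {0} (user: {1})' -f $r.Url, ($r.Users -join ', ') }
if ($port -eq 443 -and $sstp.Count -gt 0) {
    'CONFLICT: SstpSvc holds tcp 443 in HTTP.sys; set ListenerPort to an unused port (86 in this post) and reboot.'
} else {
    'No SSTP conflict on tcp 443 detected.'
}
```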

[1] http://technet.microsoft.com/en-us/library/cc725882.aspx

[2] http://support.microsoft.com/kb/947032 How to configure a Secure Socket Tunneling Protocol (SSTP)-based VPN server behind a NAT device in Windows Server 2008.

[3] http://support.microsoft.com/kb/947054 Registry entries that Routing and Remote Access adds in Windows Server 2008.