Ninja Nichols

The discipline of programming

The certificate’s private key could not be accessed.

Parser Error Message: ID1024: The configuration property value is not valid.

PropertyName: serviceCertificate

Error: ID1039: The certificate's private key could not be accessed. Ensure the access control list (ACL) on the certificate's private key grants access to the application pool user.

After redeploying one of our IIS applications, we suddenly started getting this error message. We verified that the fingerprint matched the expected certificate and that the Application Pool setting “Load User Profile” was set to true.

The fix was to allow the AppPool user (NETWORK SERVICE) to read the certificate private key).

  1. Open the MMC snap-in by running mmc.exe.
  2. Select File -> Add/remove snap-in. Select Certificates and click “Add”.
  3. Select “Computer Account”. Click Finish. Click Next.
  4. Drill down to Personal -> Certificates.
  5. Right-click your certificate and select All Tasks -> Manage private keys.
  6. Add NETWORK SERVICE and give it “read” privileges.

Clone Windows Server 2008 KVM Virtual Machine

I recently needed to make several copies of an already configured Windows Server 2008 virtual machine. We are using the Linux KVM hypervisor library libvirt. These are the steps I took:

  1. Run Sysprep on the existing Windows Server 2008 to clear out any unique info such as IP address and hostname that might cause interference later.
    1. Run C:WindowsSystem32SysprepSysprep.exe
    2. Select “System Out-of-Box Experience (OOBE)”
    3. Check “Generalize” and select “Shut Down” from the drop down.
  2. Once the machine has shut down, clone the virtual machine:
    1. Run the command:
      virt-clone --original Server1 --name Server2 --file /var/lib/libvirt/images/Server2.img

      where --original is the name of the virtual machine to be cloned (You can get the list of names by running virsh list --all), --name is the name of the new virtual machine and --file is clone image to be created.

  3. Rinse and repeat as needed.
  4. Start the clones and give them computer names and IP addresses.

IIS Manager stuck minimized in Taskbar

I found myself in an odd predicament earlier when I couldn’t get the IIS Manager on one of our Windows Server 2008 R2 boxes to open. When I tried to open it, the IIS icon showed in the taskbar but clicking on it had no effect. I tried just about everything to restore it, even restarting the box to no avail.

The fix for me was to run Inetmgr.exe /reset which resets your IIS preferences, including window size and placement.

Export high resolution images from PowerPoint

PowerPoint makes it easy to produce professional looking graphics quickly. Sometimes I need to export high quality versions of those slides. By default, PowerPoint limits exports to a resolution of 96 DPI (by comparison, many printers use 300 DPI). However, it is possible to change the default DPI by creating a registry entry.

For Office 2007, browser to
HKEY_CURRENT_USERSoftwareMicrosoftOffice12.0PowerPointOptions

And create a new DWORD value called ExportBitmapResolution. Finally set the value to the DPI you want, e.g., 300.

Now you can export high quality slides by saving them as images.

Instructions for Office 2003 and a list of DPI values and their corresponding image sizes is available at http://support.microsoft.com/kb/827745

OCS Inventory (Where do I put cacert.pem?)

OCS Inventory is an inventory management system that can keep track of the machines connected to the network. It also features a package deployment system that can be used to run commands, install programs or copy files to the machines in the network.

There are a number of guides out there on how to set up the deployment system, but the problem I had is that they all tell you to copy your cacert.pem file in the “OCS Inventory Agent installation directory”. I thought that should be /etc/ocsinventory-agent/ but it’s not.

The directory where you should put it actually depends on the hostname of the OCS Inventory Server. Lets assume that my server is called “jones” and that I would access the control panel at http://jones/ocsreports. Then the location where I should copy the cacert.pem file on the computers running the OCS Agent would be /var/lib/ocsinventory-agent/http:__jones_ocsinventory/cacert.pem".

My New OpenBox Desktop

OpenBox is a minimalistic desktop window manager which can be run with or instead of Gnome or KDE. The whole environment is very customizable with nearly everything being controlled by a few scripts and XML documents.

Wallpaper: Arch gray
Icons: Elegant-AwOken (part of Elegant Gnome Pack)
OpenBox window decoration: 1977 OpenBox
GTK theme: Elegant GTK
Vim theme: wombat
Conky: .conkyrc plus power consumption script
Tint2: .tint2rc

Even Microsoft wants IE6 to die

Today Microsoft launched a new website in an effort to speed the demise of Internet Explorer 6. In a twitter post to the official Microsoft account the company proclaimed,

It’s not often that we encourage you to stop using one of our products, but for #IE6, we’ll make an exception: http://bit.ly/g0wt4m

The link redirects to the site, http://ie6countdown.com, which shows a map of estimated IE6 usage by country and announces the company’s goal to reduce the browser share of IE6 from 12% to 1%. From the map, it appears that the worst IE6 offender is China with 34% of Internet traffic coming from the browser compared with the United States’ meager 2.9%.

The site also offers suggestions on how to help friends and neighbors upgrade, declaring, “Friends don’t let friends use Internet Explorer 6.”

For anyone whose ever worked in web development, the demise of IE6 can’t come soon enough.

How much power is your laptop using?

Products like Kill-A-Watt show how much power appliances are using. It’s good way to measure your computer’s power consumption — when it’s plugged in. But what if I want to know how much power my laptop is using when I’m not plugged in?

Turns out it’s fairly easy to get battery info. Running cat /proc/acpi/battery/BAT0/state should return the current discharge rate and total battery capacity.

The trouble is that the “current rate” field sometimes switches between mW and mA. I have no idea why this is the case. Oh well, we can easily convert mA to mW with the formula: $latex watts = amps times volts $.

The end result is this conky friendly bash script:

[bash]
#!/usr/bin/env bash
# Print the current power consumption in watts.
# The script pulls the power consumption info
# from /proc/acpi/battery/BAT0/state
#
# Usage: power.sh [battery_num]
#
# Add to conky:
# ${execi 10 ~/conkyscripts/power.sh 0}
#

# Default is BAT0
BATTERY=0
if [ $1 ]; then
BATTERY=$1
fi

# Sometimes the "present rate" is returned in milliwatts,
# but sometimes it is in milliamps. If it’s in milliwatts,
# we just convert to watts and return. Otherwise we
# convert to watts with the formula:
# Watts = Amps * Volts

UNIT=`cat /proc/acpi/battery/BAT$BATTERY/state |
grep "present rate:" | awk ‘{ print $(NF) }’`

if [ $UNIT == "mW" ]; then
MILLI_WATTS=`cat /proc/acpi/battery/BAT$BATTERY/state |
grep "present rate:" | awk ‘{ print $(NF-1) }’`
e cho $[ $MILLI_WATTS / 1000 ].$[ ($MILLI_WATTS % 1000) / 100 ]
else
MILLI_AMPS=`cat /proc/acpi/battery/BAT$BATTERY/state |
grep "present rate:" | awk ‘{ print $(NF-1) }’`
MILLI_VOLTS=`cat /proc/acpi/battery/BAT$BATTERY/state |
grep "present voltage:" | awk ‘{ print $(NF-1) }’`
POWER=$[$MILLI_AMPS * $MILLI_VOLTS]
echo $[ $POWER / 1000000 ].$[ ($POWER % 1000000) / 100000 ]
fi
[/bash]

Hardware AES: Windows vs. Linux

Intel’s newest chips include a new AES hardware acceleration feature. My favorite cross-platform encryption utility, TrueCrypt, recently added support for the new instructions (Turn it on in Setting->Performance in Windows or Settings->Preferences->Performance in Linux).

However, I noticed something interesting when comparing the benchmark performance in Windows 7 to that in Linux. It seems that Linux is significantly faster than Windows, even though the acceleration is hardware-based.

Each data point represents the average of three (3) runs. The operating systems used were Windows 7 Professional 64-bit, Arch Linux 64-bit (latest) and Ubuntu 10.10 64-bit. Tests were performed on a ThinkPad T510 with an Intel Core i5 M 560 processor and 4 GB of memory.

Block Size Windows 7 Arch Linux Ubuntu
1 MB 377 MB/s 1.5 GB/s 1.5 GB/s
5 MB 798 MB/s 1.6 GB/s 1.6 GB/s
50 MB 1.1 GB/s 1.7 GB/s 1.6 GB/s
200 MB 1.3 GB/s 1.6 GB/s 1.7 GB/s

Bottom line: If you plan to do a lot of encryption, Linux will give you noticeably better performance, assuming all your data is already in memory.