Forefront TMG 2010 Error

Not saying this will definitely fix the problem, but if you get this error when visiting some sites (esp. ebay!):

“Technical Information (for support personnel)
Error Code: 502 Proxy Error. The data is invalid. (13)”

Before even walking to the brick wall (against which you will bang your head with this problem) try installing this hotfix:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=695d0709-0d8b-45ee-afdb-727c4428ca4d

(having of course read up about the update at http://support.microsoft.com/kb/2288910:))

I got pointed to these 2 links by:

http://support.microsoft.com/kb/2423401

Which didn’t describe the problem accurately at all, but I guessed that maybe SP1 for ForeFront had introduced some HTTP compression errors so installed the above hotfix and this sorted it. I have to say that the brief time I spent surfing for this, it does only seem to be ebay that causes this problem.

UPDATE: you still need to turne HTTP compression off…

LSI MegaRAID problems

Okay, for the time being I’d advise you to stay well away from LSI Logic MegaRAID SAS PCI Express ROMB controllers (no precise versions unfortunately, but the ones I’m having trouble with have a “Web BIOS”).

Basically, these controllers don’t seem able to keep hold of RAID configs. This may have something to do with slow v. fast initialization but at the end of the day it’s up to the RAID controller to protect the disks, which this one doesn’t seem to be doing.

To explain further, we’ve had a lot of problems with some servers running these controllers; the arrays seem to fall apart at the slightest provocation (such as replacing half a RAID 1 set with a new disk) which may be because the arrays are not being fully initialised (which is why I’m testing 3 arrays at the minute, 1 “fast initialised” and 2 “slow initialised”). I’m not sure how these controllers work, but I’ve been told that they keep a lot of the config. on the disks so that you can- theoreticaklly- swap the disks from one server to another and pick the config up easily.

However… what seems to be happening is that the config. definitely isn’t on all the disks because if you try and break a RAID array and supply a fresh disk (as would happen in a real-world failure situation) the controller freaks out and messes all the arrays up (not just the problematic one). This happened last friday (21/01/2011): I started out with Array 0 (R5), Array 1 (R5) and Array 2 (R1). I pulled (carefully!) half of Array 2 and put a fresh disk in. The controller duly noted the clean disk, so I asked it to rebuild Array 2. At this point the OS crashed and I was left with: Array 0 (R5), Array 1 (R1) and Array 2 (R5). How it got this config. I don’t know; but it did, and also started complaining that the arrays were (naturally) severly degraded and that some of the disks were even offline completely. I’ll update this post soon, but at the moment these controllers aren’t looking good.

Free anti-virus solutions

Hmmm… after being quite happy with AVG free for a while now, it’s recently ground to a halt by repeatedly asking things like “Are you sure you’re happy with the free version” etc etc. So I thought I’d ditch it in favour of Microsoft Security Essentials, but this also froze up a new-ish Windows 7 machine immediately after logon. So… back to Avast!, which so far- apart from the initial download “nag”- has speeded up the machine dramatically (especially logon, which was a real problem with MS Security Essentials) and isn’t constantly harping on about upgrading to the paid-for version. I don’t really understand why AVG and MSSE went slow; the machine in question has an Intel Celeron 2.2GHZ CPU with 3GB RAM, so it’s hardly underpowered for basic Office use/ web browsing.

TMG noob (eejut)

Since switching over to TMG for proxying, most of the requests have been pretty easy; “I can’t get to http://www.whatever.com”- please let me have access!”. However, one person was struggling with an https site shortcut that wouldn’t get through TMG’s certificate validation option. Basically, the URL started with https://www…, but the certificate was issued to https://secure… I tried everything to get this site past TMG then hit on the obvious fix; change the shortcut so the URL now started https://secure…

It’s been one of those weeks.

Group Policy Preference Shortcuts

This came up because we’ve change our web filtering soution, and our new proxy wasn’t handling our internal ftp server too well (basically, it behaved differently depending on whether you were accessing it through IE or “Open FTP site through Windows Explorer”).

As I’d previously found out how to pass explorer an ftp URL directly (put the ftp site in double quotes after c:\windows\explorer) I thought I’d have a go at publishing shortcuts to people’s start menu. I thought I’d figured out how to create a shortcut pretty quickly, but kept getting these events:

“…Group Policy object did not apply because it failed with error code ‘0x80070002 The system cannot find the file specified.’ This error was suppressed.”

This threw me for quite a while as I assumed it meant it couldn’t find explorer.exe initially, then thought maybe it couldn’t handle spaces in shortcut names (which would be kinda stupid).

Turns out it was nothing of the sort. The “Target Path:” field must contain only the path to a single executable. Anything else- switches, arguments etc- must go into the “Arguments:” field. This sorted it all out so every PC now has a functioning shortcut on the start menu pointing to our ftp site.