Windows Server 2008

We have a client who runs an ecommerce package called asp.net storefront (we are in the process of moving them to AbleCommerce) A few weeks back, they began to hear customers complaining that they could not add items to their cart, or items in the cart would disappear. I traced this down to a cookie issue and updated default security settings in IE. The default security for the internet zone in IE 7 is not to accept cookies from sites that do not have a Compact Privacy Policy.

This is basically a set of files conforming to the W3C p3p standard and consists of the following:

p3p.xml - this is a policy reference file and it should live in a directory named W3c at the root of the server.
clientname.p3p - (or .xml, as we'll see later) this is the xml privacy policy
clientname.htm - this is the html privacy policy
clientname.txt - this is the compact policy file that is used to generate http headers

All of these files can be generated using a p3p tool from IBM: http://alphaworks.ibm.com/tech/p3peditor

A couple of caveats:
1. the compact policy file generated by the tool for the http headers only contains this:
CP="CAO DSP CURa ADMa DEVa TAIa CONa OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"

the full header should look like this:

P3P: policyref="http://www.CLIENT.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa CONa OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"

2. When generating the actual policy file, the tool wants to save a file with a .p3p file extention, which is fine if you add the mimtype .p3p text/xml into iis and restart your server. But if you don't want to restart your server, you can just save it with an .xml file extension.

We have a CFMX-based Web Content Management System that manages multiple websites. The system uses name-based virtual hosting and the public facing website(s) and the ESM application can live on the same box running on a single IP address or on seperate machines with seperate IPs. The Enterprise Site Manager uses web services extensively as do the sites that are being managed. The webservices are invoked using the same URL on the seperate sites:

http://www1.clientwebsite.com/wsdl/index.cfc?wsdl
http://www2.clientwebsite.com/wsdl/index.cfc?wsdl
http://www3.clientwebsite.com/wsdl/index.cfc?wsdl
http://ECMS.clientwebsite.com/wsdl/index.cfc?wsdl


Using name-based virtual hosting with a single IP, there are no problems with this when running cfmx under apache, everything works fine. But if you run this kind of set up under IIS some strange things happen: Once the wsdl URL is invoked it is cached in the Default Application pool simply as /wsdl/index.cfc?wsdl so whether you are calling the ESM wsdl, or any of the client site wsdls you may of may not get the right one. What this means is that if you have name-based virtual host applications running under IIS that have the same URLs as one another, you MUST run each site under it's own application pool otherwise you can expect to see some wacky results on your URL calls.

July 27th, 2007 (Last Friday Of July)
8th Annual
System Administrator Appreciation Day

If you can read this, thank your sysadmin


http://www.sysadminday.com/

I just installed the Windows Server 2008 CTP June release on a P4 laptop with 1 G ram. The install went just fine, but when the OS booted up, I was informed that my Product Key had expired and I needed to reenter it or activate online. However, when trying to activate, the activation service returned a Error Code 0x80072F8F. The I tried to go with the Limited Functionality option, which will launch IE7 and connect you to a Microsoft site so you can buy a license. Well, IE would not connect via SSL to the MS site, so I did a little googling on the error code and found out it is generally related to a time issue (date on the computer is too far off the date that the SSL server is using.

So, I rebooted the machine and dropped into the Bios where I saw that the time and date in the cmos was set to 1/1/1998. Crap, bad cmos battery. But since the machine is plugged in and turned on, I figured I could just set the bios clock to the right date and time and everything would work out. No such luck. When rebooting again into the OS, I got the same bad license key screens. This time, though, when attempting to activate the product it returned Error Code 0xC004E003 "The Software Licensing Service reported that the license evaluation failed." Great. I have to assume that's b/c the date was out of whack during the install, and the attempts to activate it failed.

Next step, reinstall the OS with the correct date/time in the bios and see if that works...

And Voila, that works. However, I'm pretty sure now that if I shutdown the machine the cmos clock will twist back to 1998 and if I don't jump into the bios to reset it before the OS comes up, I'll get screwed again. Of course the right thing to do is replace the battery. Too bad the CMOS battery in the Sager laptop is so freaking hard to get to...