Monday, May 12, 2008

Thanks, Microsoft, for SP3. I was getting tired of being happy.

UPDATE (THE FIX!!!): I decided to search Google again, and I found that several days after my support request, a new Microsoft support article (KB951830) was posted that describes the SAME problem as the old one (KB951446). However, in the new one, a HOTFIX is given. Strangely enough, that hotfix is NOT being distributed via Windows Update, and so you'll have to manually download and install it. I have informed the Microsoft support engineers (I've racked up two of them by now) about all of this.

NOTE: It might be important to note that before applying this patch, on the advice of the Microsoft support staff, I removed all registry keys that started with "$%&'()*+." (without the quotes). Evidently these keys are created by the SP3 install, but McAfee (which I was unable to disable due to network policy) wouldn't allow it. There were HUNDREDS of these keys (in each HKLM\SYSTEM\ControlSet*) and I had to delete them in SAFE MODE (to disable McAfee).

I also was asked to remove the keys (wordwrapped here):
None of those keys existed on my system.

UPDATE: After weeks of back and forth between me and Microsoft support, I'm finally in touch with an "Escalation Engineer" who is trying to get to the bottom of the problem.

Every morning, I'm still manually restarting my SharedAccess service after reconnecting my laptop. Otherwise, the Windows firewall blocks my access to the DNS running on the gateway. However, every other service gets through fine. That is, if I hard-coded my laptop's DNS, I think everything would be fine.

IF this problem is not a universal bug in SP3, it's something that was caused by installing SP3 with McAfee turned on (I can't turn it off due to network policy).

The Escalation Engineer seems to think that the problem might be fixed by installing a third party unsupported VBS script from some random blog by some Microsoft "MVP", but as far as I can tell, that fix prevents rebooting when SP3 is installed on some AMD systems. My system is an Intel Xeon system, and so I don't think it will make a difference. In fact, if I run it, it tells me that I don't need to run it because I'm on an Intel system. That's a good thing, because otherwise I'd have to uninstall SP3 and then run it. I would have been PISSED if the Escalation Engineer told me to uninstall SP3 and run the script just to find out that I had an Intel machine and the fix had NOTHING TO DO WITH IT.

Hopefully a hotfix is coming soon...

What a stupid fucking bug (KB951446) posted on May 6 with no indication that it will ever be fixed.

So, if you have a single computer (e.g., a laptop) connected to your ICS machine via a crossover cable, every time you disconnect that single computer, your ICS is going to die. The next time you reconnect, you have to restart the ICS service MANUALLY.

Remember that scene in High Fidelity where Rob explains to Barry that he just wants noise on in the background that he can ignore? That's the way I feel about Windows. I don't use it. I don't need it. I don't want it. I just have to have it for a few tedious things, and so I'd like it to sit back and do its thing without getting in my way. Right when I start forgetting that it's there, Microsoft goes ahead and does something to remind me it's still around. It's like some disease that just won't go away.

I've also heard a rumor that XP3's ICS restricts you to sharing your connection with no more than 10 other computers. That's pretty dumb too.


Andrzej Wroblewski said...

Hi, actually it's possible to bypass this bug by disabling the Windows firewall for the local interface. Of course, everybody should be aware that this step creates a security hole on the gateway machine (but only if trust in LAN users is limited). Just don't try to disable the firewall for all interfaces; this may be really unhealthy for your PC ;-).

Ted said...

In my case, the firewall settings are protected by a group policy set by the site administrators. So, disabling the firewall is not possible for me.

Additionally, disabling a firewall on a machine used in this way will often defeat the purpose of the configuration itself.