I'm in the middle of rolling out Sophos as a replacement to the incumbent McAfee at work. One interesting thing that I found as I rolled out to some test users was that they were unable to log on to one of our internal systems using NTLM (integrated authentication). Instantly the roll out of Sophos was blamed - and I can understand why - the problem did not occur until Sophos was installed.

But the truth is that in it's dying breath McAfee had one last laugh and had un-registered jscript.dll and vbscript.dll. I can say that now because I've spent a morning with Sophos support and been on the brink of abandoning our roll-out until I looked into one of the side symptoms.

Sophos was ruled out as the cause because a) it did not effect ALL the Sophos test machines, just ones where McAfee was uninstalled b) with Sophos disabled (services and browser add on) the problem did not go away c) Uninstalling Sophos did not solve the problem. It did however, point me in the right direction - during the uninstall there was an error message, the fix for which was to re-register jscript.dll (clue #1)

When I opened Services.msc, the Extended view simply showed a blue frame - Standard view was fine. One of the fixes for this was to re-register jscript.dll and vbscript.dll (clue #2).

Clue #3 came when I googled McAfee and jscript.dll, rather than blaming it on Sophos. A myriad of pleas for help from McAfee users with stuffed browsers, update issues and the like.

The Solution 

 

• Download and run the McAfee Consumer Product Removal tool (http://service.mcafee.com/FAQDocument.aspx?lc=2057&id=TS100507)
• Reboot if required
• Open a command prompt (Start > Run > "cmd")
• Type the following commands in one at a time, hit enter and acknowledge the result
  • Regsvr32.dll jscript.dll
  • Regsvr32 vbscript.dll
• Reboot again

Now, let me take this opportunity to say that McAfee is a resource hogging, trouble making screwed up piece of software which I pray to God that I never have to support again. </rant> 

 

I have to support about 20 laptops with 3G connections in them, they're all Dell and range from D800s with PCMCIA 3G data cards, D830s with internal Dell Wireless 5520 Modems and some newer E4200s with internal Dell Wireless 5530 Modems. Both the D830s and the E4200s are shipped with Dell software to manage the connections. The D800s use Vodafone Mobile Connect, and have never, ever, caused me a problem.

The Dell software on the other hand, is a nightmare. The most common issue is the classic "Sim Card Not Found", which occurs most of the time. I have spent literally hours on the phone to Dell support and our telecoms provider trying to get someone to help. I have flashed firmware on the cards, upgraded BIOS, installed countless versions of the drivers and generally wasted a LOT of my time. We even got as far as replacing all the SIM cards with various different versions just to try and get a connection.

The final insult was when we ordered the new E4200s and they just would not connect to 3G. They'd connect to 56k WAP ok, intermittantly not recognise the SIM, but never actually manage 3G. After yet more hours of support calls and useless flashing of firmware, I struck gold.

The solution? Vodafone Mobile Connect. Bin the Dell connection manager software, it's unstable, buggy and does not work. Even on laptops we COULD get a connection, it crashed frequently. Not only that, but VMC has features far beyond the Dell solution. I don't know if other providers have their own software, or whether it's any good, but I can hazard a guess it will be better than Dell's.

Just a quick note to mark the fact that I've updated the look and feel of the blog - hopefully with a bit more space and cleaner lines. It's still teething, so report any bugs you see! I've had a bit of a cleanup of the categories to remove some of the less "category" like ones - they were being a bit blurred with the tags.

Lastly, I'm really quite amazed to say that my blog is now well over 100 visitors a day on a weekday, so thank you for visiting! (Now if only a few more clicked on the adverts, It would start to recover some of the cost of hosting!)

As ever, let me know what you think!

Sam

We have a folder redirection policy in place for all of our users in combination with a roaming profile policy - this policy is applied to the OU that contains our users. Unfortunately this policy was accidently linked to the root of our domain too, causing our Domain Admin users to be redirected too - something we do not want. When the mistake was discovered, the policy was unlinked, but the redirection remained (despite being set to revert when users fall out of scope). I tried re-applying the policy, modifying the out of scope policy and then moving the Domain Admin user out of scope, but it failed to remove the folder redirection.

In the end, the solution was straight forward enough:

Create a new OU (I used "Temp") and move the affected user(s) there:

Create and link a new Group Policy Object to the new OU. Name it something descriptive so you know what it is in future - Folder Redirection Removal.

Edit the group policy, drill down to User Configuration > Windows Settings > Folder Redirection and right click - properties on each folder you want to reset. Set the setting to “Basic – Redirect everyone’s folder to the same location” and set the target folder location to “Redirect to the local userprofile location”.

Select the settings tab and make sure the Policy Removal setting is set to “Redirect the folder back to the local userprofile location when the policy is removed.”

Set that for each folder you want to reset. Close the Group Policy Object Editor, and GPMC. Log onto the user's account on each computer you want to remove the redirection on - in my case, several servers. Check the location of the redirected folders to make sure it’s been removed. Once you’re sure, you can move your user back to the correct OU.

Having just rebooted my laptop, I clicked on the link to open VMWare Infrastructure Web Access in the my browser and was slightly puzzled by the "page cannot be displayed" error. I figured it was probably the VMWare Server Web Access service not starting for some reason, so I opened services.msc and checked it out. The Web Access service was actually running, but the Host Agent service was not, so I tried to start it - it failed. Dutifully opening Event Viewer for some more information I found the error:

The VMware Host Agent service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Great. Thanks for the elaboration. Time to check the VMWare logs, (c:\ProgramData\VMWare\VMWare Server\) - the most recent of which contained the following entry:

[2009-02-18 10:55:27.908 'App' 4408 info] Trying hostsvc
[2009-02-18 10:55:27.948 'App' 4408 panic] error: not well-formed (invalid token)
[2009-02-18 10:55:27.948 'App' 4408 panic] backtrace:(backtraces not supported)
[2009-02-18 10:55:27.948 'App' 4408 info] Win32 service stopped

 A bit of Googling pointed me in the right direction, "not well-formed" refers to the XML config files which are stored in c:\ProgramData\VMWare\VMWare Server\hostd, after that it was just a case of opening each one in turn until I found the malformed one. I backed it up and replaced it with a default version, and lo and behold, my services started!

Just a quick note on a little error I had installing OCS 2007. We have a lot of users that are set up to run services for applications - as such we have a fairly tightly controlled group policy regarding the permissions required to run as a service. This causes the error above to occur because the newly created users aren't given permissions to run a service. The solution is to add the newly created users to our Application Service group.

I added the RTCService user after the first installation failed, and ran again. It will fail a second time because the RTCComponentService is not created at the time the RTCService user causes the installation to fail the first time. Add the RTCComponentServiceto the group and it will install without any issues.

Our development SQL server is a monster...there are many many databases, and hundreds, if not thousands of backup files. With each patch tested on the software we sell, there is a new backup. With each client deployment, a new database. With each new major version, a new database. Backups of the new databases inevitably occur, and so we have more files, in more folders - most of which need to be kept in case of roll-backs, bugs or deployment issues.

This all adds up to a bit of an administrative nightmare, especially since the backups eat away at my storage at a phenomonal rate. Zipping the .bak files is great, but since each DB has it's own backup folder, it can become a bit of a nightmare to go through, zip and delete the .baks. For my first real foray into using PowerShell, I decided I'd write a script to take the legwork out of it for me.

# Powershell Script to recurse input path looking for .bak files, Zip them # and delete the .bak. function out-zip {   Param([string]$path)   if (-not $path.EndsWith('.zip')) {$path += '.zip'}   if (-not (test-path $path)) {     set-content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))   }   $ZipFile = (new-object -com shell.application).NameSpace($path)   $input | foreach {$zipfile.CopyHere($_.fullname)} | out-null } $FileCount =0 $FilesZipped =0 $FilesDeleted =0 $InputPath = $args[0] if($InputPath.Length -lt 2) {     Write-Host "Please supply a path name as your first argument" -foregroundcolor Red     return } if(-not (Test-Path $InputPath)) {     Write-Host "Path does not appear to be valid" -foregroundcolor Red     return } $BakFiles = Get-ChildItem $InputPath -Include *.bak -recurse Foreach ($Bak in $BakFiles) { write-host "File: $Bak" -foregroundcolor Yellow $ZipFile = $Bak.FullName -replace ".bak", ".zip" if (Test-Path $ZipFile) {     Write-Host "$ZipFile exists already, aborted." -foregroundcolor Red } else {     Get-Item $Bak | out-zip $ZipFile     if(Test-Path $ZipFile)     {         $Response = read-host -prompt "Please wait for zip to complete then type c<enter> to continue..."         if($Response = "c")         {             $FilesZipped++             Remove-Item $Bak.FullName             if(Test-Path $Bak.FullName)             {                 Write-Host "File not deleted, manually remove $Bak.Fullname" -foregroundcolor Red             }             else             {                 Write-Host "OK" -foregroundcolor Green                 $FilesDeleted++             }         }         else         {             Write-Host "File delete aborted by user" -foregroundcolor Red         }     } } $FileCount++ } Write-Host Files found: $FileCount Write-Host Files Zipped: $FilesZipped Write-Host Files Deleted: $FilesDeleted

Obviously, this is not something I'd recommend you running lightly without serious testing on your own systems - that said, I hope it helps! I make no warantee or any kind of promise that you won't lose data by running this! It's just an exercise in PowerShell for me.

I was just installing PowerShell on one of my Windows Server 2003 servers, when I encountered the error "You do not have permission to update Windows Server 2003. Please contact your system administrator." Odd, especially considering that I was installing as the Domain Administrator, and that user should have more than enough permissions. A little bit of digging led me to MSKB 888791 which shows the permissions that are required in Group Policy to install the update. Check that your applicable GPO has the following permissions for your user:

• Back up files and directories
• Restore files and directories
• Manage auditing and security log
• Take ownership of files or other objects
• Shutdown the system
• Debug programs

 Once I found the missing permission (in this case, an Exchange 2003 installation had removed the "Manage auditing and security log" permission) and added it back in, I ran the command "gpupdate /force", logged off and back on again on the offending server and retried the installation. The error disappears and the installation is a success!

 

If you’re getting a error on your LAN connection it’s possible that your network connection is attempting 802.11 authentication on your wired network. Unfortunately, it seems that Vista/Server 2008 both attempt it before reverting. As far as I can see, it’s not causing any issues, other than irritating me with a “failed” and a red question mark.

Fortunately, it’s pretty easy to fix! The authentication is handled by the Wired AutoConfig service, so it’s just a case of disabling it. Navigate “Start”, then click “Run” (or just hit Win + r) and type “services.msc”. Click “OK” and the Services console will fire up.

 

Now if you scroll down to Wired Autoconfig and configure it as below (Stop the service, then select “Disabled” as the startup type).

Alternatively, you can enable 802.11 on your Windows Domain…but that’s another story!

I've just had a frustrating few days trying to downgrade 4 Dell Latitude E6500 laptops to XP. The problem was, whenever you booted to the XP cd you would get to the point just before you agree to the license and then hit a blue screen with a SATA error code. It seems that the bundled driver for the SATA storage controller incorrectly identifies it and causes a fatal error as it's loaded.

 The solution is fairly specific and needs to be done exactly in the order prescribed below. You will need a USB floppy drive, and a blank floppy disk.

•  Firstly, go to Dell's support website and select the downloads for your E6500 laptop (if you enter your service tag, you might find that there are no XP downloads available -use the product select instead).
• Download the LATEST BIOS - at the point of writing that's A11.
• Also download the Intel Matrix Storage Manager Driver.
• Plug in your USB floppy, insert the disk and format it. Extract the storage manager driver, and then copy the extracted files onto the floppy. Unplug the floppy
• Now run the BIOS update, follow the on-screen instructions, let it reboot and flash your BIOS.
• Reboot, and on the BIOS screen, hit F2 to enter into the BIOS setup.
• Move down to System Configuration, then SATA operation. Make sure it's set to IRRT.
• Move through the BIOS and disable Parallel, Serial, and any other devices that aren't needed. Switch the NIC to Disabled. Also go down to Miscellaneous Devices and ensure USB and the Modular bay (i.e. CD/DVD) are enabled. Disable everything else.
  
• Plug in your USB floppy, and insert the floppy containing the drivers from earlier. Also put your Windows XP install CD in the CD/DVD drive. Save your BIOS changes and then reboot.
• On the BIOS screen, hit F12 to bring up the one time boot menu. Select your CD/DVD ROM device.
• *IMPORTANT* The blue windows installer screen will come up and you have a few seconds to hit F6 to specify that you want to use a 3rd party driver for storage.
• Once you've hit it, wait for the next screen, which will be asking for your driver. Hit S and specify the Intel SATA driver needed. There were 4 drivers in the list for my laptops, trial and error will find the right one. It should say that Windows already has a driver for that device - do you want to use the new one? Well of course you do, the old one blue screens. Hit S to accept it and at the next screen, hit ENTER to continue.
• After that, it's plain sailing - just don't forget to enable all of your devices once you've installed XP!!!
  

 

Having recently installed an ESXi server, I am getting to grips with the management and administration of it, one of the things that I wanted to be able to do was connect to the remote terminal through SSH.

I downloaded my SSH client of choice, PuTTY, and set about connecting, however the server refused the connection. It seems that SSH is not enabled out of the box for ESXi and you need to go through some steps to get there - I found some helpful hints here.These are the steps that I took, based on the advice and some other research.

Go to the ESXi server console screen and hit "Alt+F1". This will switch you to a screen that looks like a log.

Type "unsupported" - you won't see it enter on the screen, just type it blind, followed by the enter key.

You'll see a nice warning, followed by a prompt for the root password. Type your root password and you'll now be at the comand prompt.

Now to edit the inetd.conf. Type "vi /etc/inetd.conf" which will open the conf file in the VI editor. If you're a Windows admin VI will seem a bit strange...just follow the instructions and you'll be ok!

Type "/ssh" to find the line responsible for the SSH config.

Move the cursor using the arrow keys over the # symbol at the beginning of the line, and then press "x" to delete it.

Now type ":wq!" to save the file and quit VI.

Back at the command prompt you can type "/sbin/services.sh restart" to restart the management services.

Next if your server is not running any VMs you can just restart it...if not you will need to identify the process ID for inetd.

Type "ps | grep inetd" which returns the process ID

Type "kill -HUP <process ID>" with the process ID you've just identified.

Type "exit" to log out of that console, and do another "Alt+F1" to switch back to the ESXi home screen.

Back on your SSH client you should be able to log in successfully.

If anyone visits here regularly, rather than by google search, you'll have noticed that I haven't posted much lately. This is because of a major office move at work which I have been managing from the technical side of things, and moving a 25 server operation isn't an easy job. I've upgraded the entire network infrastructure throughout from SOHO to enterprise products.

Normal service will resume shortly!

I was configuring our new Cisco ASA 5510 firewall today, as part of a major infrastructure upgrade. I'm pretty comfortable with the Cisco IOS, but I still prefer the GUI for the basic set up, using command line to tweak the finer or more complex configurations. However, straight out of the box, I had a very hard time getting the ASDM to load. Being familiar with the PDM from the PIX range of firewalls, I should have guessed the problem straight away. Essentially, whatever problem you're having with the ASDM, whether it's not loading, not reading the configuration or whatever, the answer is likely to be "uninstall your current version of Java, google java 1.4.2, install it, try again". It was the same with the PDM, and guess what? It's the same with the ASDM.

I recently tried to use Microsoft reader on my iMate K-Jam mobile, it's Windows Mobile 5 powered, so according to Microsoft it's fully supported. However, when I tried to activate, I got the following error:

"You have an older version of Pocket PC which does not support Activation"

Not true I cried, and after a lot of Google-ing and trying various different fixes that are posted on the net, I found the only one that actually worked for me!

It was as simple as adding the activation web site to the "Trusted Sites" zone in Internet Explorer, and running IE in the administrators context. It was one of those simple ones that really makes the 2 hours spent searching for an answer all the more frustrating.

I've got a feeling Microsoft should add notes to that effect on the site...never mind.

32-bit processors have a limitation of only being able to directly address 4GB RAM - their architecture was never designed to address more. 64-bit processors get around that limitation by being able to us 64 bits to address RAM (potentially 16,777,216 GB), but what do you do if you have an application that won't work on a 64-bit copy of Windows, but does need to utilise more than 4GB of RAM?

The answer is to use PAE (Physical Address Extensions) and AWE (Application Windowing Extensions). I blundered through PAE a little while back, and found that it didn't work as expected because I was using Server 2003 Standard. PAE is only available as part of Server 2003 Enterprise and Datacenter edition.

Back to the problem at hand, I have a memory hungry application that sits on a Windows Server 2003 Enterprise box with SQL server 2005 installed.

Firstly, we need to enable PAE to allow the 32-bit operating system to address memory over the 4GB limit. This is configured by adding the /PAE switch to the boot.ini.

We also need to repartition the 4GB of Virtual Address Space (VAS) that 32-bit Windows can address by using the /3GB switch in the boot.ini. This allows 3GB of RAM to processes running in "Application Mode" and 1GB RAM to the "Kernel Mode". If you're using more the 16GB of memory don't use the /3GB switch as PAE/AWE will need 2GB of RAM in the Kernel Mode.

The memory intensive applications will run in, you guessed it, Application Mode and will therefore be able to utilise the extended memory provided through PAE and AWE.

Since SQL server will run in the Application Mode memory partition and is AWE aware, it can be configure to reside entirely in AWE managed memory.

The user account that is used to run SQL server must be granted the "Lock Pages in Memory" right and the "AWE Enabled" setting in the configuration of SQL server must be set to "1". We also need to set the "Max Server Memory" to stop SQL server consuming all the AWE memory available. The "Min Server Memory" does not need to be configured as AWE memory is not released by SQL server.

Once that is all configured and a reboot applied, SQL server should only consume about 256mb in task manager, the rest having been loaded into AWE memory and not viewable from the Task manager.

For a little while now I've had an irritating problem with my Vista laptop. Whenever I insert a DVD, CD of any kind, pops up the message asking me to prepare a blank disk:

It's impossible to access the files on the disc and I don't want Vista trying to "prepare" my data disc. Quite irritating, but not irritating enough to fix right away.

Microsoft have a KB article about it, which has worked in some cases, but not in most. There are various advices around to do with firmware, software, reinstalling the device - here's how I fixed it.

So, first step - eliminate any CD/DVD burning software that might be causing a conflict. If you've got commercial software, make sure you have your license key and media to reinstall at a later date.

I have the excellent ISO Recorder, by Alex Fienman - but I need to eliminate that as a possible cause, and it's free to install. I also have Roxio, which I've never used and came bundled with the OS installation. I removed all of them through the Programs and Features control panel.

 

The next thing to do is check that there are no firmware updates for your drive, from the manufacturers web site. My laptop is a Dell Latitude D820, with a TSST TS-L462D drive - I found a new update and ran the installation. Follow the manufacturers instructions on this one.

Next, I followed Microsoft's article which involves editing the registry. Editing the registry incorrectly can seriously damage your computer, so back it up first, and be careful. Don't restart at this point.

 

If you've installed VMWare server at all, it disables the autorun feature on your DVD drive so you don't have problems with virtual machines - however this can also cause the problem.

• Open regedit, and change the following key:
  • HKEY_LOCAL_MACHINE\System\CurrentC­ontrolSet\Services\CDRom
• Change the "Autorun" value from "0" to "1" which enables auto run on your drive and has been known to fix the issue.

Another solution which has been posted on many support forums is to add a file to "temporary burn" folder in your profile. I have no idea why this would resolve the problem, but it's worth a try. This did cause the "you have files ready to burn to your DVD drive" notification.

• Open explorer, navigate to C:\Users\<user name>\AppData\Local\Microsoft\Windows\Burn\Burn
• Right click the blank space, click "New > Text Document"
• Try and access your drive.

And finally, open up your Device Manager, locate your DVD/CD drive, right click it and uninstall. Restart your computer - when you do the registry edits will take effect and the device will reinstall.

 

Hopefully at this point you'll have a working, fully functional DVD drive.

If, like me, you enjoy a bit of design in your free time then I have a great site for you...

Blog Spoon Graphics is a fantastic site, with loads of free vector graphics downloads that you can use in your designs. It's also got some great tips and stuff on vector art - take a look!

This is probably a little off-topic, but hey - I like this site! And no, I haven't sold out, it's not a sponsored link...I just like it!

So I was testing the configuration on my Exchange 2003 server in preparation for the roll out of some Windows Mobile devices when I recieved the following error:

Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.

"That's odd", I thought, "I only have Exchange Server 2003 in my organisation, how can I have an older version of Exchange?" It turns out that this has nothing to do with the version of Exchange you are using. I have set up my Exchange OWA to require SSL (see previous article on SSL and Integrated Authentication) and apparently this can cause issues for OMA.

The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual directories cannot access the contents of the user's mailbox if the Exchange virtual directory is configured to require SSL. The Microsoft-Server-ActiveSync and Outlook Mobile Access virtual directories only try to connect with the Exchange virtual directory over TCP port 80 (HTTP), not over TCP Port 443 (HTTPS).

To resolve this, you need to follow these steps from MSKB 817379

1.	Open Exchange Manager.
2.	Expand Administrative Groups, expand the first administrative group, and then expand Servers.
3.	Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
4.	Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
5.	Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
6.	Close Exchange Manager.
7.	Click Start, click Run, type IISRESET/NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

 Additionally, you must use Internet IIS Manager to create this virtual directory for Exchange ActiveSync and Outlook Mobile Access to work. If you are using Windows Server 2003, follow these steps:

1.	Start Internet Information Services (IIS) Manager.
2.	Locate the Exchange virtual directory. The default location is as follows: Web Sites\Default Web Site\Exchange
3.	Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
4.	In the File name box, type a name. For example, type ExchangeVDir. Click OK.
5.	Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
6.	In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
7.	Under Select a configuration to import , click Exchange, and then click OK. A dialog box will appear that states that the "virtual directory already exists."
8.	In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
9.	Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
10.	Click the Directory Security tab.
11.	Under Authentication and access control, click Edit.
12.	Make sure that only the following authentication methods are enabled, and then click OK: • Integrated Windows authentication • Basic authentication
13.	On the Directory Security tab, under IP address and domain name restrictions, click Edit.
14.	Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK.
15.	Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
16.	Click OK, and then close the IIS Manager.
17.	Click Start, click Run, type regedit, and then click OK.
18.	Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters
19.	Right-click Parameters, click to New, and then click String Value.
20.	Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify. NoteExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
21.	In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
22.	Quit Registry Editor.
23.	Restart the IIS Admin service. To do this, follow these steps: a. Click Start, click Run, type services.msc, and then click OK. b. In the list of services, right-click IIS Admin service, and then click Restart.

Recently I wrote a little utility for a client using the excellent Html Agility Pack to read and navigate through a HTML page, selecting the data that was needed and parsing it - basically a screen scrape. I downloaded the source, compiled it, added a reference to the dll in my project and tapped away for a few minutes and et voila, within a few minutes a working screen scrape. A fantastic library.

On uploading the project to my GoDaddy web hosting however, I encountered a problem. You see, my hosting is a shared hosting environment, and like most such webhosting environments is set to a Medium Trust level for .Net applications. As MS dryly puts it:

Applications that receive less than full trust by the runtime code access security system are not allowed to call shared managed libraries unless the library writer specifically allows them to through the use of the AllowPartiallyTrustedCallersAttribute Class. Therefore, application writers must be aware that some libraries will not be available to them from a partially trusted context.

The solution, although slightly confusing from the MS documentation, is actually very simple. I opened the HtmlAgilityPack source code, and edited the AssemblyInfo.cs file. Firstly, add a reference to the AllowPartiallyTrustedCallersAttribute:

[assembly: AllowPartiallyTrustedCallersAttribute()]

Since AllowPartiallyTrustedCallersAttribute is part of the System.Security namespace, we must add a reference at the top of the page:

using System.Security;

I then rebuilt the project, rebuilt the web project and it now works like a charm.

I needed to use PowerShell for something today on my Vista laptop, but was unable to install the file. I had the normal UAC permission required when I ran it,  but then it failed with this error

Installer encountered an error: 0x80070422

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

It turns out that you need to enable the Windows Update service in order to use an MSU file. How backwards is that? Well, lets see, I have to run a SERVICE in order to be able to install applications.

Incidently, PowerShell is fantastic, I'm just getting used to using it at the moment, probably more to come on that!