Author: Andreas Stenhall

Vista SP1 installations fail with error code C004F013

The first time I installed Windows Vista Service Pack 1 beta on my work laptop it seemed to install fine, but after logging in for the first time it wanted me to activate Vista to be able to continue. Strange I thought and of course I tried to activate it since our MAK key was in the image already. But instead of activating Vista the computer would just restart and the SP1 installation was reverted and the installation eventually was pronounced as failed with error code C004F013. I tried installing SP1 again and then it was installed successfully.

After doing another Vista deployment and installing SP1 I found out that the exact same thing happened again, and then again on another machine. I then filed it as a bug on Connect as the problem was also occuring with the standalone version as well as the one from Windows Update. Microsoft has now implemented a workaround for the problem but they are still working on finding the origin of the problem to be able to provide a solid solution to the problem.

I must really say that I’m impressed by Microsoft as they have been very professional and helpful in resolving the Service Pack 1 issues I’ve reported.

Tagging files in Vista leaves a lot to wish for

Windows Vista has built in functionality for letting users tag files with keywords and other metadata, making it lot easier to find. You can then create “virtual folders” based on saved searches for explicit keywords of the files you have tagged, having different virtual folders for different projects for instance. The only letdown is that you are only able to tag a few file formats and those are:

  • Microsoft Office Word, Excel, PowerPoint and Access files.
  • Windows Media Audio and Windows Media Video files.
  • TIFF and JPEG files.
  • MP3 files.
  • XPS, Microsofts replacement for PDF.
  • MSI installer files. (Yes Windows Vista support MSI files tags but this is in practice not very usable at all.)

As you can see this leaves a lot of file formats to wish for. For this excellent feature of Vista to be really useful I would like to be able to tag PDF files, PNG image files, favorites, web files and much more. One problem though is that the metadata and tags are stored in the actual files, not in alternate data streams on the file system itself. The advantage of this is that you can be sure that the metadata will always stick with the file if you move it or send it to someone via email.

I have during the beta testing of Vista tried to find out more about how this file tagging actually works and why more formats are not supported. I mean PDF files can contain tags and comments, what is stopping Adobe or Microsoft from making Vista tags work with PDF files? Sadly Service Pack 1 seems to make no changes at all regarding the ability to tags files. If anyone have more information about tagging files in Vista please leave a comment!

Vista SP1 change causes Kerberos problems

After installing SP1 I can no longer access my network shares which contain my Documents. After contacting Microsoft they have concluded that there actually is a change in the way Windows Vista SP1 handle Kerberos communication. The changes affect only when you use Active Directory to store accounts which is then mapped using altSecurityIdentity to use the password from an external Kerberos server. In my case we are using a Heimdal Kerberos server but the problem might affect users of MIT Kerberos as well. Logging in to the Windows system itself is not a problem, the only problem seems to be when accessing file shares (using CIFS).

Until the Heimdal Kerberos is patched to solve this problem there is a work around for the problem. On the client computer you have to add a registry key with your domain name and then add a REG_SZ value named “SpnMappings” with the value “.your.domain.com” in the registry key below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ 
Kerberos\HostToRealm\YOUR.DOMAIN.COM

After restarting the computer you can access the network share as expected.

Manage ActiveX controls with GPOs in Vista

As you might know there is no good way to control the installation or blocking of ActiveX controls for standard user accounts. Windows Vista introduces a cure to this, and it is called ActiveX Installer Service. This service is not installed by default but can be found in Programs and Features > Turn Windows features on or off. I recommend that you add this component using an unattended answer file in corporate environments. Once installed you can control if a standard user should be able to install certain ActiveX controls or not. I have not found any good step-by-step guides for configuring this so here it comes:

1. When you go to a web site and try to install an ActiveX control, an event is logged in the event viewer specifying the exact origin and http or https address where the ActiveX control resides.

2. Enter the address you found above in the group policy setting “Approved Installation Sites for ActiveX Controls” found in Computer configuration\Administrative templates\Windows Components\ActiveX Installer Service with the additional settings for example 2,2,0,0.

To allow for instance the Windows Genuine Advantage to be allowed to be installed by a regular user you can add the address http://download.microsoft.com with 2,2,0,0. Now you can refresh the policy on your test computer and go to Microsoft Download Center and there try to validate and install the WGA ActiveX control as a regular user account without administrative privileges. Voilà!

Smart card problems with Dell Latitude and Vista

I only have my domain administrator account on a smart card to improve security in my domain, but this is not working as one can expect in Vista. Sometimes, especially when I wake the computer from sleep but also at other times, the credential tile for smart card authentication vanishes as the Smart card service stop working somehow. The only solution to this issue is to reboot the computer unfortunately. After becoming sick and tired of the problem I called Dell from which I got a beta driver. This driver seems to be somewhat more stable but not 100 percent stable. SP1 makes no difference either.

Backing up files in Windows has never been easier

I’ve been using Windows Vista daily since the early beta days and I must admit I feel a bit ashamed of the fact that I just recently started using the excellent backup features of Windows Vista. For the last week I have been using the automatic backup feature that is a part of Windows Vista Business, Enterprise and Ultimate editions and I must say it is a really handy feature. A few clicks and I have everything backed up to another computer on the network automatically every day. What’s even handier is that only the first backup to run contain the whole contents of the files, all subsequent backups are only incremental, saving storage space and time it takes to perform the backups.

Windows Vista SP1 is really an improvement!

A few nights ago I spent a lot of time on doing some performance tests about Windows Vista Service Pack 1 for publishing in a magazine. I compared several areas such as copying files from hard drive to another hard drive as well as over both wired and wireless networks. I also ran benchmarking tests with 3DMark06 and PCMark05 as well as the FPS-test in Half-Life 2 Lost Coast and finally I compared extracting files from a zip file. I can just say that Vista with SP1 out-performed Vista RTM in all tests, in some tests by far! This is very promising for the final release but on the other hand it is also a sign of the fact that maybe Vista wasn’t so ready to be released in November last year after all?

Anyway, in the test of copying files over the wired network the time it took with Vista RTM was 4 minutes and 4 seconds and with Vista SP1 it was 3 minutes and 9 seconds, quite an improvement. Extracting the files with Vista RTM took 2 minutes and 12 seconds while it just took 1 minute and 25 seconds with Vista SP1. Maybe I ought to run the same tests on my XP installation on the same machine, but do we dare to see that result?

Long file names still a problem in Vista

Apparently there is a bug in how Vista handles long file names, and it can easily be reproduced. When I download files from Microsoft Update Catalog, the file names of the files that are downloaded are very long, but still not that long. The files are saved to the NTFS formatted hard drive and I can use Windows built-in function to compress the files to a zip file. So far so good, the problems arise when I want to extract the compressed files, where Vista then says that the filename is too long for the file system to handle. This makes me wonder how I could first save the file to my computer, then zip it, but now I am not allowed to extract it? Strange to say the least!

The Vista DVD considered to be a security threat

The Windows Vista DVD is to be considered a security threat! By starting a computer from the Vista installation DVD and choose to Repair the computer instead of installing Vista, the user gets to a number of choices amongst them a command line (cmd.exe). By starting the command line tool you will have full access to all files on the computer and might easily copy them to a removable device of your choice. This is a big difference from Windows XP where you at least had to login to the Recovery Console with an administrator account, in Vista you just get full access to all the user and system files on the computer, no questions asked.

I however live by the principle that if anyone has physical access to a computer it might be compromised anyway, but still it is good to know about this potential security hole. Laptop computers might contain sensitive data and can easily be accessed by anyone who gain access to it if it should be stolen for example. The only way to my knowledge to protect from this “attack” is to use BitLocker (or possibly other encryption software). By using BitLocker the system partition is encrypted and you cannot access it using the method I describe above. If you install Service Pack 1 for Vista you will also be able to encrypt all partitions and disks on your computer, protecting your files and data further, not just the system partition. The BitLocker encryption function is only available with Windows Vista Enterprise and Ultimate Edition

Dell’s audio beta drivers necessary for deploying Vista

Anyone that has tried to integrate the SigmaTel audio driver that Dell provides for Vista in an install.wim has learned that the sound does not work after deploying that image. The effect is that the device seems to be installed correctly in the Device Manager but looking at the speaker’s icon in the notification area or from the Sound control panel just say ”No audio output device is installed”. This is a known bug in the SigmaTel drivers for all Latitude computers utilizing the SigmaTel audio chip, meaning all laptops from Latitude D610, D620 to D630 and all D4xx and D8xx versions as well are affected by the problem . Dell has given me a beta driver dated late July this year but they seem unwilling to give this to the public or to release a new stable driver. I suggest that anyone that experience this problem contact Dell and demand they release a new audio driver for SigmaTel audio cards as soon as possible. The driver  package number is R164710.