TechOnTip Weblog

Run book for Technocrats

Archive for January, 2013

Internet Explorer – F12 Developer Tools not working or grayed out

Posted by Brajesh Panda on January 24, 2013

I was doing some ADFS troubleshooting related to cookies and tried F12 to open the Developer Tools window, but it was not working at all.

As the menu bar was not visible, I pressed F10 to check whether something was wrongly configured and found that the F12 option under Tools was grayed out.

After some Google research, I found there is a GPO setting for this: Start – Run – Gpedit.msc – Local Computer Policy – Computer Configuration – Administrative Templates – Windows Components – Internet Explorer – Toolbars – Disable the “Turn Off Developer Tools” setting.

Here is how it looks now when I press F12 on the Zensar.com webpage. To view cookie information, click Cache – View Cookie Information. It opens another tab with all the detailed information. You can clear cookies for this domain from the Cache tool – kind of cool, without deleting other information. However, this option only shows cookies of the current website.

Does anybody know how to read other already existing cookies in the IE cookie store for other websites which I have already accessed?

If you want to read about cookie management in Chrome, read here.

Posted in Mix & Match | Leave a Comment »

Rename IIS Anonymous (IUSR) Account

Posted by Brajesh Panda on January 17, 2013

Applied to IIS 6.0

When we install IIS, it creates two user accounts: IUSR_Computername and IWAM_Computername. IUSR stands for Internet User; IWAM stands for Internet Web Application Manager.

If you rename them through the Computer User management section, you will find that another two accounts get created with the same old names. Even if you delete these two accounts, they will automatically get created again at the next IIS restart or OS reboot. These accounts are completely managed by the IIS Metabase, so to rename them we have to edit the IIS Metabase. Before you do anything in the IIS Metabase, make sure you have a good backup. To back up the IIS Metabase:

Right Click IIS Server Name -> All Tasks -> Backup and Restore config -> Then Click “create backup”


Let’s edit the metabase file:

  • Stop IIS so we can edit the metabase file
  • Open C:\WINDOWS\system32\inetsrv\Metabase.xml in Notepad or any other text editor
  • Search for AnonymousUserName (for IUSR account) and change the value to IUSR_<whatever you like>
  • Search for WAMUserName (for IWAM account) and change the value to IWAM_<whatever you like>
  • Save Metabase.xml 
  • Start IIS Admin Service
  • Open User Management console in Windows, you will find two new accounts with new names

Posted in IIS | Leave a Comment »

Convert Windows 2012 User Interface between Server Core, Minimal GUI & Full GUI

Posted by Brajesh Panda on January 17, 2013

Windows 2012 brings in another user interface option: besides the GUI and Server Core, there is something in between called the Minimal Server Interface. The features involved are:

  1. Server Core – always installed and enabled; the baseline feature for all Windows Servers
  2. Server Graphical Management Tools & Infrastructure – functionality for Minimal Server Interface
  3. Server Graphical Shell – equivalent to Server with a GUI

The key thing is that you can change between these interfaces whenever you want.

Complete GUI = Server Core + Graphical Management Tools & Infrastructure + Graphical Shell

We can use PowerShell to change from the Full Graphical interface to the Minimal Interface and back.

Conversion needs a server reboot. For the Minimal Server Interface we can use the commands below to install and uninstall the Server-GUI-Shell feature.

Install-WindowsFeature Server-GUI-Shell

Uninstall-WindowsFeature Server-GUI-Shell

But if we want to convert from Server Core, we need to define the path to the server WIM image files; otherwise Features on Demand will go to the internet to download them, and the data is large, i.e. more than 4GB.

You can set a local path or a network path for this and use the command below to install.

Install-WindowsFeature <featurename> -Source wim:<path>:<index>

To find the Index

Here is the full command to install ServerDataCenter, with Index 4

Posted in Windows 2012 | Leave a Comment »

How to KILL an ESXi Virtual Machine?

Posted by Brajesh Panda on January 17, 2013

Well, most VMware administrators must know this. In the past I have also posted another article about How to KILL a Hyper-v VM? I mostly use these steps when a VM is unresponsive and the power off button is grayed out.

  1. Run the esxtop utility using this command:
  2. Press c to switch to the CPU resource utilization screen.
  3. Press f to display the list of fields.
  4. Press c to add the column for the Leader World ID.
  5. Identify the target virtual machine by its Name and Leader World ID (LWID).
  6. Press k.
  7. At the World to kill prompt, type in the Leader World ID from step 6 and press Enter.
  8. Wait 30 seconds and validate that the process is no longer listed.

Posted in VMware | Leave a Comment »

Cookie Management in Chrome

Posted by Brajesh Panda on January 11, 2013

While troubleshooting an ADFS-integrated SharePoint environment and its related authentication cookies, I came across a nice Chrome GUI to manage its cookies.

Usually Chrome stores its browser cookies at C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default, but they are not readable as they are, so we need a special editor to read them.

I was trying the F12 option to open the debugger window to read my cookies, like in Internet Explorer. The cookies look great, but the time is in GMT format. Also, F12 only shows the cookies related to the website opened in the same page.

While searching for an editor to read the Chrome cookie database, I found something like this:

Just type chrome://chrome/settings/cookies and press Enter. It opens the window below, where you can search and read cookie contents for any specific website.


See my beta site has two cookies


Click the cookie name & it will open up details of the cookie. Check out those cookie expiry details etc. Here expiry dates are shown in local time – kind of neat.


Posted in Mix & Match | 1 Comment »

LoginToRP – Auto Select Relying Party

Posted by Brajesh Panda on January 11, 2013

For the last couple of weeks I was working to integrate a few cloud-based applications with our corporate Active Directory using AD FS 2.0 and SAML Web SSO.

All of these cloud providers support only IdP-initiated SSO with ADFS. Before this integration we had only SharePoint integrated with our AD FS farm, so we never got exposed to IdP-initiated methods/procedures in our environment.

With IdP-initiated sign-on, the user has to visit https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx to get a list of relying parties, select the RP and sign in to access the application. Even if you go to the service provider’s application URLs directly, they will redirect you to this URL. But I was not impressed with the default relying party selection page. It needs some level of branding work before it can be released to end users, and it also takes a bit of effort to inform users about this selection step, because it is going to be new to our environment.

While researching how to get rid of this, I found the “LoginToRP” parameter; using it we can create a special URL through which we can forcefully select a relying party. So instead of redirecting the application to the default IdP-initiated sign-on URL above, if we redirect the application to this new URL, we can avoid the manual selection drop-down list of relying parties.

Here is how the new URL looks like;

https://<ADFS-Public-URL>/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=RelyingPartyIdentifier

Instead of RelyingPartyIdentifier you have to type the identifier of that relying party. You can find this information in the relying party properties, on the Identifiers tab, in your ADFS farm. It can be a URL, a word or in URN format.


Here is another way to do this: http://blogs.technet.com/b/askds/archive/2012/09/27/ad-fs-2-0-relaystate.aspx

Posted in ADFS | 4 Comments »

Samsung Youm – Bendable Phone

Posted by Brajesh Panda on January 11, 2013

Like always innovation rules!!

I believe “Samsung Youm” technology is to bring in another revolution in display technologies. And as a hardware provider they are pulling in the right partner base… Imagine Windows Phone or Android on a Bendable Phone Device. Apple was an early smart adopter of Touch Screen & ripped a lot from the market with their set of consumer innovations. While the US Patent court punished Samsung for copying issues with Apple patents, it looks like they are coming out with revolutionary technologies… I see the win of consumers.

Here is the technology used for this product – OLED

Here are two video links from Samsung & Microsoft

 

Posted in Mix & Match | 3 Comments »

R.I.P. Hotmail/MSN/Live Messenger

Posted by Brajesh Panda on January 9, 2013

The day before yesterday I received this communication from the Microsoft Messenger Team. It seems they are discontinuing the lovely Messenger service. Last week, while logging into Skype, I noticed a Windows sign-in option there. After I tried it with my outlook.com ID, it helped me import all Skype contacts. I have already integrated my Facebook contacts too, so it is kind of nice to have 3 things in a single tool.

Here is the communication I received.

Hello,

On 15th March 2013 we are retiring the existing Messenger service globally (except for mainland China where Messenger will continue to be available) and bringing the great features of Messenger and Skype together. Update to Skype and sign in using a Microsoft Account (same as your Messenger ID) and all your Messenger contacts will be at your fingertips. You’ll be able to instant message and video chat with them just like before, and also discover new ways of staying in touch with Skype on your mobile and tablet.

Update Now

Yours sincerely,
The Messenger Team

Posted in Mix & Match | Leave a Comment »

SAML Claim Viewer

Posted by Brajesh Panda on January 3, 2013

For the last few weeks I was integrating some applications with our ADFS farm. We have integrated more than 20 (Dev/Prod) instances, and all of them are working well; some of them are from our SharePoint 2010 farm and some from external cloud providers. We are looking forward to integrating all applications into this platform. The free Active Directory Federation Services 2.0 is a great enabler for these technologies. There are a few limitations/restrictions with this product, but right now it is okay for us. For troubleshooting, you may be wondering how to see these invisible claims and make sure your claim rules etc. are configured correctly. I found two free tools for this purpose. All credit and thanks go to the developers who built them.

1. SharePoint Claim Viewer Web part: You can download this web part from http://blog.helloitsliam.com/Lists/Posts/Post.aspx?ID=80 and deploy it in your SharePoint farm. At the bottom of the page you will find the download link, or click it here. It is a nice & handy tool to see claim details. Here is a screenshot –


2. Firefox SAML Tracer: While the first one is specially developed for SharePoint, this Firefox plug-in can be used to trace any SAML-integrated web application. Download SAML Tracer from here and install it in Firefox. If you are using a recent version of Firefox, you will be able to see this plug-in under Firefox Menu – Web Developer – SAML Tracer. Click it to start the SAML Tracer tool (another window will come up), then go ahead and start accessing a SAML-enabled application. It keeps tracing all the URLs and the related SAML assertions, claims etc. It also marks requests carrying SAML with a colored SAML label and formats the SAML claims in a readable layout.
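
What such a viewer does with a captured SAMLResponse form value can be reproduced in a few lines. This is an added example, not code from either tool or from ADFS; the sample response, the example.test names and the function name read_claims are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned; example.test names are placeholders).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotOnOrAfter="2013-01-03T11:00:00Z">
      <saml:AudienceRestriction><saml:Audience>urn:example:cloudapp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <saml:AttributeValue>Finance</saml:AttributeValue>
        <saml:AttributeValue>Staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()

def read_claims(saml_response_b64):
    """Decode a SAMLResponse form value and list what the assertion carries.
    Viewer only: no signature or time validation, never use it to authenticate."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in SAML messages")
    assertion = ET.fromstring(xml_bytes).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted or failed response)")
    claims = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
              for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    cond = assertion.find("saml:Conditions", NS)
    return {
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audience": assertion.findtext(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "claims": claims,
    }
```

Comparing the audience and claim names in the output against the relying party's identifier and claim rules is usually the quickest way to spot a misconfigured rule.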



Posted in ADFS | Leave a Comment »

IPv6 Transition – DS-Lite

Posted by Brajesh Panda on January 3, 2013

Click here for other Direct Access related articles.

As promised in my last NAT64/DNS64 article, in this article we will be discussing a technology called DS-Lite used for IPv6 Transition. This technology is used for IPv4 communication over an IPv6 network.

I found this nice article by Kapil Digani on the Citrix Blog. I am just going to re-blog the same original piece. He also wrote a few other good articles. You may like to refer to the original site. All credit goes to him.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In IPv6 blog series we have covered transition technologies NAT64 – that allows IPv6 hosts to communicate with resources on IPv4 network and 6rd – that allows IPv6 traffic to be tunneled over IPv4 network. When service providers want to migrate their core network to IPv6, they need to ensure that existing IPv4 users continue to get access to IPv4 internet as before. This is where DS-Lite comes in – it is a tunneling technology that encapsulates IPv4 packets in IPv6 transport to be delivered to final IPv4 destination. DS Lite combines IPv4-in-IPv6 tunneling with NAT – NAT does the IPv4-IPv4 translation before sending packets to public IPv4 network.

DS-Lite enables service providers to natively allocate IPv6 addresses to new customers while continuing to support IPv4 customers. Main functional components involved in DS-Lite are B4 (Basic Bridging BroadBand) and AFTR (Address Family Translation Router) as shown in figure below:


In a DS Lite enabled network, customer premise device provides B4 functionality. Customer device allocates private IPv4 addresses to hosts in the home / customer networks. B4 connects with service provider access network using the IPv6 address allocated by service provider and uses this IPv6 address to establish tunnel with the AFTR device.

AFTR is usually deployed at the edge of service provider IPv6 network and terminates the tunnel created with customer B4 element. AFTR also provides IPv4-IPv4 NAT to translate customer private IPv4 address to public IPv4 address before sending packets out to the public network.

Following sequence describes the connection establishment process using DS Lite:

  1. Host with private IPv4 address initiates a connection to a resource on the public internet
  2. Traffic is sent to B4, which is the default gateway
  3. B4, using its service provider network facing IPv6 addresses establishes the tunnel with AFTR. Address of the AFTR can be pre-configured or can be discovered using DHCPv6
  4. B4 encapsulates the IPv4 packets in IPv6 transport and sends across to AFTR
  5. AFTR terminates the tunnel and de-capsulates the IPv4 packet
  6. AFTR device performs IPv4-IPv4 NAT before sending traffic to the destination IPv4 network

There are many benefits that DS Lite provides:

  1. A lightweight solution to allow IPv4 connectivity over IPv6 network
  2. Avoids the need of multiple levels of NAT as in case of LSN
  3. Allows service providers to move their core and access networks to IPv6 thus enabling them to benefit from IPv6 advantages
  4. Allows coexistence of IPv4 and IPv6
  5. Helps resolve IPv4 address scarcity issue
  6. Allows incremental migration to native IPv6 environment

But as is always the case, benefits don’t come without their own set of challenges:

  1. DS Lite does not provide a way for IPv6 and IPv4 hosts to talk to each other
  2. Increases the size of traffic due to tunnel headers – requires MTU management to avoid fragmentation
  3. Need to manage and maintain bindings between customer addresses and public addresses used for translation in the AFTR device
  4. Brings in additional challenges for DPI in service provider network
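
Steps 4 to 6 of the sequence above, and the MTU and binding challenges, can be seen in a small model. This is an added example, not part of the re-blogged article; all addresses are documentation ranges, the packets are constructed, and the names Aftr, b4_encapsulate, sample_ipv4_udp and tunnel_mtu are hypothetical. It assumes TCP/UDP traffic, where the source port is the first field of the transport header.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40   # fixed IPv6 header the B4 adds to every IPv4 packet
NEXT_HEADER_IPV4 = 4   # IANA protocol number for an encapsulated IPv4 packet

def tunnel_mtu(link_mtu):
    """Largest IPv4 packet that fits in one IPv6 packet on the access link."""
    return link_mtu - IPV6_HEADER_LEN

def sample_ipv4_udp(src, dst, sport, dport, data=b"hi"):
    """Constructed IPv4/UDP packet (checksums left at 0, enough for parsing)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + udp

def b4_encapsulate(ipv4_packet, b4_addr, aftr_addr, hop_limit=64):
    """Step 4: the B4 wraps the untouched IPv4 packet in an IPv6 header."""
    header = struct.pack("!IHBB", 6 << 28, len(ipv4_packet), NEXT_HEADER_IPV4, hop_limit)
    return (header + ipaddress.IPv6Address(b4_addr).packed
            + ipaddress.IPv6Address(aftr_addr).packed + ipv4_packet)

class Aftr:
    """Steps 5-6: terminate the tunnel, then NAT with per-B4 bindings."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port = public_ip, first_port
        self.bindings = {}   # (B4 IPv6, private IPv4, source port) -> public port

    def receive(self, ipv6_packet):
        word, payload_len, next_hdr, _ = struct.unpack("!IHBB", ipv6_packet[:8])
        if word >> 28 != 6 or next_hdr != NEXT_HEADER_IPV4:
            raise ValueError("not an IPv4-in-IPv6 tunnel packet")
        b4 = str(ipaddress.IPv6Address(ipv6_packet[8:24]))
        inner = ipv6_packet[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len]
        ihl = (inner[0] & 0x0F) * 4                     # IPv4 header length
        src_ip = str(ipaddress.IPv4Address(inner[12:16]))
        src_port = struct.unpack("!H", inner[ihl:ihl + 2])[0]
        # Private IPv4 ranges overlap between customers, so the B4's IPv6
        # address has to be part of the NAT key.
        key = (b4, src_ip, src_port)
        if key not in self.bindings:
            self.bindings[key] = self.next_port
            self.next_port += 1
        return key, (self.public_ip, self.bindings[key])
```

Two customers sending from the same private address and port get different public ports because their B4 addresses differ, and on a 1500-byte access link the inner IPv4 packet is limited to 1460 bytes.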

Posted in Direct Access, IPv6 | Leave a Comment »
