Posted by & filed under Internet Information Server.

So you’ve decided you want to use JW Player for Silverlight and IIS Media Services Web Playlists together.

One of the reasons to use Web Playlists is to hide the true path of your video. This makes it difficult for users to download a full copy of your video, perfect for streaming copyrighted or pay-per-view content. Although users can still use screen capture software (such as Camtasia) to record your video, the process is more involved and less likely.

JW for flash and most other players require the media file (.mpeg, .mp4, etc) to be in a folder below the root path accessible by visitors. Web Playlists for IIS allows you to add videos from any folder on your server, and does not directly access the video when a viewing is requested. It uses a one-time security token to obfuscate the path.

Step 1 – Add a New Playlist in IIS

Here you’ll add a new playlist by opening up the IIS Manager, selecting your website and double-clicking on “Web Playlists.” Once it is open, on the right-hand side click on “Add Playlist.”

add_playlist_iis_media_services_0add_playlist_iis_media_services_1

Once you type in a name for your playlist it will generate a URL that needs to be used by your web-based player. As you can see here, we are looking at iishacks.com/VMWareCertificate.isx.

You’ll need to add the specific video file by going to “Media entries” and clicking “Add.” You can select a Physical Path (excellent for hiding a file above the root folder), a Relative URI (if the file is in the root folder or below), or a Remote URL (if it is on another server or domain). I’ve chosen Physical Path and selected a folder that is not accessible via IIS.

You’ll notice you have options to disable skip back/forward or seek. If you choose to attach multiple videos together, or have required advertisements before, between or after videos, these options are for you. Networks such as Global TV utilize these options to ensure visitors are viewing the advertisements before a video starts.

add_playlist_iis_media_services_3

Step 2 – Add the Playlist to JW Player

Once you’ve added your video file(s) you can now add the playlist to a web-based video player such as JW Player. JW Player for Silverlight is the only free player that supports the ISX playlist format and doesn’t require ASP. IIS Web Playlists supports .asf, .avi, .flv, .m4v, .mov, .mp3, .mp4, .rm, .rmvb, .wma and .wmv.

You can download JW Player for free here: http://www.longtailvideo.com/players/jw-wmv-player/

Here is the code I used for my VMware video. This can be embedded into WordPress or any PHP/HTML file.

<center><div name="mediaspace" id="mediaspace"></div> <p> <script type='text/javascript' src="/silverlight.js"></script><br />  <script type='text/javascript' src="/wmvplayer.js"></script><br />  <script type="text/javascript">   var cnt = document.getElementById("mediaspace");   var src = '/wmvplayer.xaml';   var cfg = {    file:'http://iishacks.com:80/VMWareCertificate.isx',    height:'470',    width:'600'   };   var ply = new jeroenwijering.Player(cnt,src,cfg);  </script></center>

As you can see the ISX/ASX playlist is located at http://iishacks.com:80/VMWareCertificate.isx . If you try and open the file it will direct you to either a broken link or a text file with the following:

add_playlist_iis_media_services_4

Notice how the ISX playlist has a tokenized session id appended to the URL? Try and open that. It’s a dead end. You’ll never be able to simply download the file. Here is a full set of features with Web Playlists.

add_playlist_iis_media_services_5

Posted by & filed under Security, Windows / Server.

A few people have emailed asking why Windows Server 2008 does not reply to pings (and how to enable it).

It doesn’t by default. No official reason why, but it probably has something to do with POD (Ping of Death) and Ping Flooding. Commonly used in Denial of Service attacks, POD is when a target server is sent an unusually large ICMP packet. For Ping flooding, if the target server is set to respond to pings, it may become bogged down and unable to effectively respond to other requests such as HTTP and FTP. Denial of Service attacks usually require a coordinated effort among multiple computers to halt a server - but it happens, and often!

To enable pings on the public profile (ie. over the Internet), go to Administrative Tools -> Firewall with Advanced Security -> Inbound Rules and find “File and Printer Sharing (Echo Request – ICMPv4-In)” -> Right-click and select “Enable.”

 

Enable Ping Requests Windows 2008

 

You can also open up the command prompt and type:

netsh firewall set icmpsetting 8

or type the following to disable the setting:

netsh firewall set icmpsetting 8 disable

For Windows Server 2008 R2, type:

netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow

Posted by & filed under Internet Information Server, Security.

Another one of Microsoft’s descriptive errors is 0x8ffe2740 when trying to start an FTP or Web Server from the IIS Administration module. The error itself means that there is a port conflict with another service. This is a relatively easy diagnosis, as you should already know what ports your ftp or web servers use.

Error 0x8ffe2740 when starting ftp or iis

Use the netstat command in the command console to find out what program is using a particular TCP port. Replace the ## with the port you wish to test. This works on Windows Server 2003 and 2008.

netstat -anop TCP|find “:##”

The above command will return a PID (process ID). You will need to match that to a running program or service. Type the following command:

tasklist /SVC /FI “PID eq ####”

Here is an example using port 21. In this example you can see the “ftpsvc” service is using port 21 through svchost.exe – which is normal. In a client’s machine, it was MSUpdate2.exe that was using port 21 – a piece of malware using an FTP server to serve pirated movies!

Unexpected Error 0x8ffe2740

Posted by & filed under Windows / Server.

When you first install VMWare Server, you’ll find the administration area in Firefox or Internet Explorer has a security certificate error. This is because the certificate that ships with VMWare is self-signed (untrusted). One solution is to use a trusted certificate from a third party (Verisign, GoDaddy, etc) but that has costs associated with it and is not actually necessary. If you want your computer to properly trust the certificate, add it to the Trusted Root list.

  1. Navigate to the SSL folder where VMWare Server is installed (ex. C:\Program Files\VMware\VMware Server\SSL).
  2. Double-click on RUI.crt.
  3. Click “Install Certificate” on the Certificate Information window that pops up.
  4. Click “Next” to start the Certificate Import Wizard.
  5. Select “Place all certificates in the following store” and click “Browse”.
  6. Select “Trusted Root Certification Authorities” and click “OK”.
  7. Click “Next” and “Finished”.
  8. A Security Warning box will pop up, click “Yes” and then “OK”.
  9. Close the Certificate Information window.
  10. The SSL warning will no longer show on the VMWare Server login screen.

Posted by & filed under Windows / Server.

I just found out the hard way that VMWare Server 2.0′s Console plug-in does not work with Firefox 3.6.

Perhaps in the future VMWare will release a compatible plugin, but for now the fix is to use the console plugin for Internet Explorer, Firefox 3.5x or use VMWare Player 3.0.

The following error is what comes up in Firefox 3.6 or any other unsupported browser.

VMWare on Firefox 3.6

“Cannot access virtual machine console. The request timed out. The attempt to acquire a valid session ticket for MACHINE_NAME took longer than expected. If this problem persists, contact your system administrator.”

http://communities.vmware.com/thread/252218