RVS4000 PASV/Ephemeral Ports

Similar Messages

• Dynamic (ephemeral) Port Allocation Global or per-IP?

  Due to an unfortunate application design, I am encountering an issue where I am exhausting ephemeral ports, even after increasing the range.  We have noticed the ephemeral port range seems to be allocated globally, regardless of sourceIP.
  This post http://charlesgate86.wordpress.com/2011/09/23/cas-connection-scalibility-between-exchange-2007-2010/ seems to indicate that support was added in Windows
  Server 2008 for per-IP source port selection.   However, it also indicates that applications must be modifiied to leverage such support, but alas does not give any details on the modifications required.
  The relevant section: 
  Where we see a scale limitation is between CAS and mailbox.  Prior to Windows Server 2008, each outbound connection would
  only use a single source port regardless of the destination IP or whether the source port was available for use; in other words, once the source port was used, it could not be used for any other outbound connection on the server.  Thus we were limited
  to the maximum number of TCP/IP connections, which for Exchange Server 2007 is 60,000 (MaxUserPort TCP setting). 
  We addressed this in Windows Server 2008 by allowing the source port to be used once on a per IP address basis.  So now as long as we have additional IP addresses on CAS,
  we can scale 60,000 outbound connections per source IP address.  However, the corresponding
  applications had to take advantage of this new feature.  In the case of Outlook Anywhere, the RPC Proxy service on Windows Server 2008 was updated to do so.  DSProxy, on the other hand, was not – so the mailbox
  server is limited to 60,000 outbound connections to global catalog servers."
  Where can I find information on the application changes required to take advantage of per-IP source port selection?
  Thank you 

  Hi,
  Due to this issue is more related to coding, to get better help, please post your question on the MSDN forum.
  Here is the address,
  https://social.msdn.microsoft.com/Forums/en-US/home
  Best Regards.
  Steven Lee
  TechNet Community Support

• Configuring Ephemeral Ports in a Zone

  Hey,
  I'm attempting to configure the ephemeral ports in a zone, and having the following problem:
  bash-2.05b# ndd -set /dev/tcp tcp_smallest_anon_port 32778
  operation failed: Not owner
  If anyone is able to help, I'd appreciate it....

  You will likely need to configure this from the global zone, or give the zone exclusive access to the network device if possible.
  The local zone doesn't own the device, and therefore cannot make the change.

• Healthservice.exe was flooding all TCP "ephemeral ports" from 49152 to 65535

  Issue :
  DCOM errors(Event 10009) causing in backup failures.
  Investigation : Healthservice.exe
  was flooding all TCP “ephemeral ports” from 49152 to 65535, generating a TCP/IP port exhaustion, while trying to login into the SQL Database. After I disabled the System
  Center Management service, the backsups complete without any issue.
  Background : Server hosts Sharepoint SQL databases. SCOM Agent 2007 R2 with CU4 is installed.
  Thanks, Harry :-)

  Hi,
  May I know if there was any changes before the issue occurred, such as MP imported?
  Regarding the error, please check it referring to the following post:
  HP Storage MP v 2.0: DCOM EventID 10009 every 5 seconds in the System Log of the RMS
  http://thoughtsonopsmgr.blogspot.com/2012/05/hp-storage-mp-v-20-dcom-eventid-10009.html
  Meanwhile, if the issue occurs in Windows 7 or Windows Server 2008 R2, please also try the following:
  A hotfix is available to enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2
  http://support.microsoft.com/kb/2619234
  Thanks.
  Nicholas Li
  TechNet Community Support

• FTP Server: PASV / Illegal PORT Command Issues

  Hi,
  I'm hoping someone can shed some light on this.
  We have an iMac running 10.6.6 server with the FTP service running. Everything has worked fine for the last 6 months, including an office move (new IPs, etc) but suddenly in this last week, a lot of users (internal and external) are getting an "Illegal PORT Command" error when connecting.
  The iMac is behind an Airport firewall with ports 20 and 21 forwarded to the server.
  From what I've read the issue is a NAT related but I can figure out how to fix. The weird thing is that none of us here can think of any changes we've made on the server or Airport in the last week.
  I've tried a mismatch of rules in the ftpaccess config file in /Library/FTPServer/Configuration/:
  passive address external_ip 0.0.0.0/0
  pasv-allow all 10.0.1.1/24
  passive ports 10.0.1.1/24 54350 65535
  with no success.
  Debug from transmit when connecting:
  Transmit 4.1.5 (x86_64) Session Transcript [Version 10.6.6 (Build 10J567)] (11-02-24 2:10 PM)
  LibNcFTP 3.2.3 (July 23, 2009) compiled for UNIX
  220: server.private FTP server ready.
  Connected to domain_name
  Cmd: USER username
  331: Password required for username.
  Cmd: PASS xxxxxxxx
  230: User username logged in.
  Cmd: TYPE A
  200: Type set to A.
  Logged in to domain_name as username.
  Cmd: SYST
  215: UNIX Type: L8 Version: BSD-199506
  Cmd: FEAT
  211: Supported features:
  REST STREAM
  ADAT
  AUTH
  CCC
  CONF
  ENC
  MIC
  PBSZ
  PROT
  MDTM
  UTF8
  SIZE
  End
  Cmd: OPTS UTF8 ON
  200: UTF-8 encoding enabled
  Cmd: PWD
  257: "/" is current directory.
  Cmd: PASV
  425: Can't open passive connection: Can't assign requested address.
  Passive mode refused.
  Connection falling back to port (PORT) mode.
  Cmd: PORT 10,0,1,6,250,79
  500: Illegal PORT Command
  Cmd: PORT 10,0,1,6,250,80
  500: Illegal PORT Command
  Cmd: PORT 10,0,1,6,250,81
  500: Illegal PORT Command
  Cmd: PORT 10,0,1,6,250,82
  500: Illegal PORT Command
  Disconnecting from server…
  Cmd: QUIT
  221: You have transferred 0 bytes in 0 files.
  Total traffic for this session was 187 bytes in 0 transfers.
  Thank you for using the FTP service on server.private.
  Goodbye.
  Anyone know what I can try?
  Thanks.
  Message was edited by: s-chilly

  In terms of the Airport Extreme, is the Mac Mini Server currently set to the default host? If the Mac Mini Server is not currently set to the default host, this needs to be configured as such.
  To set up the Mac Mini Server as the default host on the Airport Extreme:
  1 Open AirPort Utility, select your wireless device, and then choose Manual Setup from the Base Station menu, or double-click the device icon to open its configuration in a separate window. Enter the password if necessary.
  2 Click the Internet button, and then click NAT.
  3 Select the “Enable Default Host at” checkbox if not already checked.
  4 Enter the same IP address of the Mac Mini Server.
  This works

• FTP Server in FXP mode : PASV / Illegal PORT Command

  Hello,
  In our workflow, we transfer the media files with the FTP protocol in mode FXP (server to server), the commands are initiated by an automation system.
  This system work with the plateforms windows (serv-u), linux (vsftpd), osx (tnftpd) but it's impossible on a osx server (xftpd). The aim is to write file on our Xsan.
  The error is an illegal PORT command, when the automation system sent the IP adress of the other server.
  For test, If the IP adress of the destination server is the same that the automation server, the transfers are good, the PORT command is accepted.
  But in our case, the ip adress, is a other server...
  We can't to run the ftp server in FXP mode, and I do not want to install a Pureftp for to replace the tools included with osx server (and server admin).
  I think that's is possible, because this workflow works on a osx after we have modify the ftpd.conf (checkportcmd off).
  We not found in the file ftp access and nothing on the Internet, that's why I write on this board.
  I need your help, anyone have a solution, it's really important ?
  Thank you very much.
  Franck

  Hello Franck,
  I'm attempting the same thing.  Did you find a solution to your problem?

• WAN port speed on RVS4000

  I have an RVS4000 with the following:
  Firmware Version:
  V1.3.3.5
  CPU:
  STAR 9202
  I believe it's a v1 of the RVS4000 as I've tried to put the 2.x.x firmware and I couldn't.
  My ISP upgraded me to a 100Mb/20Mb down/up plan (Quantum 100 here: https://www.highlandsfibernetwork.com/internet). However, through my RVS4000, I get the following speeds:
  Download Speed 18498 kbps (2312.3 KB/sec transfer rate)
  Upload Speed 19098 kbps (2387.3 KB/sec transfer rate)
  Latency 7 ms
  Client Time December 4, 2011 11:06 AM
  Server Time December 4, 2011 11:06 AM PST
  When I connect directly to the switch rather than through my RVS4000 I get:
  Download Speed 45818 kbps (5727.3 KB/sec transfer rate)
  Upload Speed 6240 kbps (780 KB/sec transfer rate)
  Latency 5 ms
  Client Time December 4, 2011 10:59 AM
  Server Time December 4, 2011 10:58 AM PST
  Clearly there's something wrong here, where I'm getting less than half the download speed through the RVS4000 than I do without it. From the datasheet, it states that the RVS4000's WAN port is a 10/100/1000 port, so I don't see why I should have the limitation on speed.
  Can someone help resolve this?
  Robert.

  Hello Abudef,
  I disabled IPS and verified that QOS is disabled. Now with the speed test, I get a large improvement, basically bringing me up to the speed without the RVS4000 involved:
  Download Speed 41811 kbps (5226.4 KB/sec transfer rate)
  Upload Speed 20550 kbps (2568.8 KB/sec transfer rate)
  Latency 5 ms
  Client Time December 4, 2011 07:47 PM
  Server Time December 4, 2011 07:46 PM PST
  Thank you so much for your help!
  Robert.

• Time Capsule Does Not Port Forward FTP Ports

  Hey there,
  I recently purchased a Time Capsule, and I found out that while it fixes the NAT-PMP bug found in my previous AirPort Extreme Base Station (Gigabit-N), it introduces a new problem which makes it refuse to forward port 21 properly.
  It seems to me that the Time Capsule has some sort of FTP server built in, and is either enabled but closes connection on client connection, or disabled but still listens for client connection.
  This message is what I get when I connect to my IP via FTP from the WAN side (FTP port forwarded to a local machine with an IP 10.0.0.8):
  421 Service not available, remote server has closed connection.
  When it is accessed from the LAN of course, I can connect to 10.0.0.8 with no problem. However, what is interesting is if I connect to the Time Capsule via FTP I get this as well:
  421 Service not available, remote server has closed connection.
  Thus, I am 100% certain that the FTP message I see when I connect from WAN is from the Time Capsule instead of the machine I port forwarded to.
  Apple needs to fix this annoying problem and at the same time fixes some VPN issues I'm having with my Nortel VPN client (4.68). It was all working when I had the AirPort Extreme Base Station.

  I am having a problem establishing an FTP session that is started with my FTP Client (CuteFTP) on my local network and attempting to connect to an FTP Server with one of my hosting providers. My first few attempts used FTPS (Secure FTP) as that is what I typically use when transferring FTP packets over the net. Well, this didn't work so I thought maybe the Time Capsule had a problem inspecting the encrypted packets so I switched to standard clear-text FTP just to see if the Time Capsule handles FTP session management functions correctly. This didn't work either. I'm using PASV FTP and have never had a problem before with my CISCO Router or with another consumer-based NAT router. I don't believe that the Server on the Internet gets the initial request on port 21 as I believe the Time Capsule is not allowing the packet to pass and my FTP Client spits back an error message : "Couldn't access FTP service " "Connection Failed". I have also used "Terminal" and initiated the ftp utility and attempted to connect to the same server and receive the following error message : "421 Service not available, remote server has closed connection.". I have attempted to put my computer in the DMZ by using the Default Host feature on the Time Capsule but that resulted in the same errors. I believe that I have tried most of the settings available on the Time Capsule to attempt to get this to work but no luck yet. If the packet is getting through to the server and the response back on the current ephemeral port is not getting through the Time Capsule I'm really hoping the solution is not having to port map all ephemeral ports as this is in the tens of thousands. Has anyone successfully established an FTP Session (Secure or Not) from your local client through the Time Capsule to a Server on the Internet. If so, could you help by providing any Time Capsule settings that were required for this to function properly....Thanks in Advance.
  Note: I have attempted to ftp to several different public ftp servers on the Internet and get the same error results. I have no problems ftping to local serverson my local network.

• Help with connecting to NIST NTP server on port 123

  I can get NIST time in Daytime format using the rt_nist_date_time.llb example posted on ni.com, but I cannot connect to NIST NTP format time data using port 123.  I freely admit to being over my head with this stuff, and have spent much of this Thanksgiving holiday reading about UDP and TCP.
  The attached vi summarizes what I've tried so far.  The UDP case is what I thought would work, but I can't come up with a network address that the UDP-open vi likes.  Can anyone out there help this n00b tell the time?
  The attached file is supposed to be in 8.0 format, although I'm working in 9.0
  Here is a link discussing the time formats: http://tf.nist.gov/service/its.htm 
  Jeff 
  Solved!
  Go to Solution.
  Attachments:
  UDP.vi ‏17 KB

  jstevens wrote:
  THANK YOU!!!  I don't think I ever would have come up with connecting the web address to a Read or Write UDP rather than the Open UDP block.  Not to mention starting by opening port zero.
  Unlike TCP, UDP is a connectionless protocol. Here's a quick explanation in different words.
  A udp packet travels from a [sourceIP, sourcePort] to a [DestinationIP, destinationPort].
  UDP open basically reserves a local port used for sending (soucePort) and receiving (incoming packet with that same destinationPort). Since some local ports are always in use, you would generate an error if you would accidentally pick a used port. Picking zero is useful for requests (as in this case!), because the OS will pick an unused ephemeral port. The actual source port number does not matter because the NTP server will just send the reply packet back to whatever port it came from. (If you would write your own NTP server in LabVIEW, you would of course need to set the local port to 123, and would get a conflict if another NTP server is already running on your rig). Writing an NTP server in LabVIEW would be a trivial modification to the current code, try it! . Simply listen for packets on port 123, form a response packet based on the timestamp, and send it to whatever IP/Port it came from (that info is available from udp read) and then go back to listen for new requests.).
  UDP write sends a packet to the server using the above opened local port as source port. You can use the same connectionID to write to several other servers and ports, because UDP is connectionless. (TCP is connection based, so a TCP connection involves a defined source/destination pair)
  UDP read listens for incoming packets from all over the world at that same local port. It is very unlikely, but theoretically possible that other UDP packets will arrive at that same port, so you could even filter to make sure to read incoming packets until they match the port and IP of the original request. The current code is somewhat vulnerable to a DOS (denial of service) attack for example as follows: Imagine the guy in the next cubicle had means of sniffing your network traffic. He could write a small program that looks for your NTP requests and then immediately starts flooding your IP with meaningless UDP packets to the sourcePort you just used. The current program only reads one packet and thus will never see the return packet from the NTP server.
  UDP close frees up the local port and the computer is now no longer listening for packets on that port. Of course you could keep the port open for the duration of the program, especially if you intend to send UDP request once in a while during execution.
  Makes sense?
  LabVIEW Champion . Do more with less code and in less time .

• IE HTTP close (reset) - port reuse causing firewall issues

  Having an issue with some systems reusing the same TCP port number between sessions, causing the firewall to drop the connection.
  Internet Explorer is creating the HTTP socket connection to port 80. An ephemeral port (assigned by Windows) is bound to the local side of the connection. The first connection goes through just fine. The socket is
  closed/reset. However, the very next connection (hundreds of milliseconds later), is using the same ephemeral port, causing the firewall to discard the connection.
  I have tried setting TcpTimedWaitDelay in the registry but that did not help. Since the socket is being reset, it never goes into the TIME_WAIT state.
  Any suggestions? This does not happen consistently - on the order of 10s of times per day.
  Thanks!

  Problem is still occurring. Customer has built a new client system with MS-only software (no virus protection, etc.). Upgraded this system to IE9.  Problem is still occurring. Tried disabling NativeXMLHTTP option but no difference.
  Here is the ASP VBScript code that causes the error to appear:
  function SubmitPost(data,ErrHow)
  var d = new Date();
  return SendData('POST','TDMaster.asp?InstID=' + document.getElementById("tdInstance").value + '&UID=' + d.getTime(),data,ErrHow,0);
  //Returns valid version of MSXML
  function GetMSXML()
  var progIDs = ['Msxml2.XMLHTTP.6.0','Microsoft.XMLHTTP'];
          for (var i = 0; i < progIDs.length; i++) {
              try {
                  var http = new ActiveXObject(progIDs[i]);
                  return http;
              catch (ex) {
          return null;
  // Function that actually sends the data and returns the response
  // Format 0 = XML
  // Format 1 = Binary
  var http;
  var timedOut;
  function SendData(method,url,data,ErrHow,Format)
              http =  GetMSXML() ; 
              var ResultXML;
              var e;
              http.open(method, url, false);
              http.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
              http.setRequestHeader("Content-Length", data.length);
              try {
                          http.send(data);
                          if(Format == 0) {
                              return http.responseText;
                          } else {
                              return http.responseBody;
              } catch(e) {
                                  return CreateError(e.number, e, ErrHow);

• AD Authentication Too Slow With Required Ports Open

  Hi,
  I have a server (2008 R2) in DMZ network and the domain controller (also 2008 R2) is sitting in the internal network. There is no domain or domain controller in DMZ network, only one domain in internal network. The server in DMZ is a domain member. I opened
  all the necessary ports through firewall mentioned in below article:
  http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx
  When I use domain credentials to log on to the server in DMZ, it successfully logs in but takes about 5 mins for the log in process to complete! As a test, I opened ANY (all ports) and then log in takes only a few seconds (normal time).
  Can someone tell me whats the reason? Is the above mentioned article missing ports that should also be opened?
  Thanks

  Hi,
  Yes the old ephemeral port range is required. See below thread which should help you further.
  https://social.technet.microsoft.com/Forums/en-US/1c6a59de-c1fe-4946-bb4e-1fe36fd40b08/required-ports-to-communicate-with-domain-controller
  Regards,
  Calin

• FTP server: PORT command not supported??

  Hi,
  In a nutshell - we are trying to set up PASV -- PORT connection between a Tiger server (10.4.11) and another system (say it's a windows FTP server). Issuing a PORT command to a Tiger FTP server fails with this error:
  -> PORT 192,168,11,3,199,158
  <- 500 Invalid PORT command
  I have done some research on the web and as far as I can see - this is just a feature that is disabled in Mac OS X ftp server.
  What's strange is that "features" command states that PORT is supported.
  Has anyone seen PORT command work for a Tiger Server ftp daemon?
  Has anyone succeeded enabling this command on a Tiger server?
  Can you recommend another FTP server that works well on a Tiger server?
  Thanks a million,
  Darius

  Passive (PASV) and Port (PORT) mechanisms are orthagonal.
  If you're working with PORT, then you're almost certainly trying to clear through one or more firewalls. And a firewall can also trigger the Illegal Port Command error for a PORT command.
  (Though I don't see a PORT command in the Mac OS X ftp client. I've checked a couple of clients, and it isn't common to expose it.)
  ftp is a mess. Insecure, difficult to configure, insecure, firewall unfriendly, insecure, and slow. And did I mention insecure?
  (No, I'm not a big fan of ftp.)
  Some reading material:
  http://www.cert.org/techtips/ftp_portattacks.html
  http://www.slacksite.com/other/ftp.html
  http://cr.yp.to/ftp/security.html
  As for a suggestion, chuck ftp and switch to sftp.

• Opening port 51325 on firewall

  Hello,
  In order to get a fast response when the print properties are asked in Office, port 51325 has to be opened on the firewall. After some research on the web I still can't find any reason why...
  Anyone knows what this port is used for? Are there any security issues?
  Thanks in advance!

  Hello,
  In order to get a fast response when the print properties are asked in Office, port 51325 has to be opened on the firewall. After some research on the web I still can't find any reason why...
  Anyone knows what this port is used for? Are there any security issues?
  Thanks in advance!
  Can you provide information, links, etc., where you got this information that Office requires this specific port number? Also, is the port# you're referring to a TCP or UDP port?
  FYI, TCP & UDP 51325 is part of the dynamic port ranges known as the Service Response Ports, or also known as the Ephemeral Ports. They are ports  that are randomly selected (Windows Vista, Windows 2008 and newer operating systems) between
  TCP & UDP 49152 - 65535. In Windows 2000, 2003 and XP, they were 1024-5000. Windows NT used the whole range.
  The initial port may be an attempt for Office or any other app, that needs access to something else, such as a mapped drive, or sending something to a printer. The initial port may more than likely be an RPC call on TCP 135, but the response from the destination
  host will be a randomly generated ephemeral port. And once the session is closed, the port is dissolved.
  Here are more specifics on ports in an AD environment:
  Active Directory Firewall Ports - Let's Try To Make This Simple (RODC, too)
  Published by acefekay on Nov 1, 2011 at 4:31 PM
  http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
  Windows Vista, Windows 7, Windows 2008 and Windows 2008 R2 Service Response Ports (ephemeral ports) have changed.
  http://support.microsoft.com/?kbid=929851
  Ace Fekay
  MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
  This post is provided AS-IS with no warranties or guarantees and confers no rights.

• Coherence Extend remote address port in TCP Connection

  Hi,
  From the log below, I see remote address port is picked some random port(48552). (currently i disabled the firewall), If i enable the firewall it could be an issue, is there any way i can specify the remote ports that tcp connection use?
  2011-02-24 13:18:18.076/1280.207 Oracle Coherence GE 3.6.0.1 <D6> (thread=Proxy:ExtendTcpProxyService:TcpAcceptor, member=13): Opened: TcpConnection(Id=0x0000012E56A3CA1B0A1F96B688F7EEBCEDA2AA9397203393CF480379B3963D86, Open=true, LocalAddress=10.31.150.182:9099, RemoteAddress=10.31.150.182:48552)
  One more question,
  I have two proxy servers, is it possible to configure the client to make two connection (redundant) one for first proxy and another for second proxy. is it make sense?
  Thanks
  Prab
  Edited by: 833796 on Feb 24, 2011 2:35 AM

  Hi Prab
  The random port is what normally is called an ephemeral port for the client and is usually not a problem for firewalls since this is expected behavior. If you want to control the client port you can do this by adding the <local-address> to the tcp-initiator element.
  As for the second question, it doesn't quite work to do as you suggest. The proxy contains state for the client, as this is not replicable between the proxies one cannot continue where the other one left off.
  Thanks
  /Charlie

• BT HomeHub 5 intercepting traffic on port 554 and ...

  As the title says, my homehub appears to be intercepting packets on these two ports and, infuriatingly, is replying as the target resulting it as showing as open on all hosts. Does anyone have insight into why it would be doing this as well as how to disable this behevior.
  C:\>tcptrace 75.27.30.143:7070
  Tracing route to 75.27.30.143 [75-27-30-143.lightspeed.crmlin.sbcglobal.net] on
  port 7070
  Over a maximum of 30 hops.
  1 2 ms 1 ms 2 ms 192.168.1.254 [BThomehub.home]
  2 Destination Reached in 5 ms. Connection established to 75.27.30.143
  Trace Complete.
  C:\>tcptrace 75.27.30.143:554
  Tracing route to 75.27.30.143 [75-27-30-143.lightspeed.crmlin.sbcglobal.net] on
  port 554
  Over a maximum of 30 hops.
  1 2 ms 2 ms 2 ms 192.168.1.254 [BThomehub.home]
  2 Destination Reached in 9 ms. Connection established to 75.27.30.143
  Trace Complete.
  This is expected behevior for a closed port.
  http://pastebin.com/npXxS9b2

  What is happening is there is either a crash or hang triggering a reset and the restart cannot occur due to a hung or dead handle to Port 554. The next time your server gets in that state, can you run a netstat -ano and see if a process tied to sghwdsptr.exe
  is still listening on that port. Usually it is a hung dispatcher or its zombie which is why a restart will not work but a reboot. If you do find the process still active, you could try killing the process to see if you can restart without rebooting.
  With regards to how it gets into this state - I would follow Nicke's advice with regards to the blog but also remember that RTSP (due to its ephemeral port usage) has a finite limitation. How many clients are checking in with this management server? Also
  what are the average number of *applications* not packages being used by each one?
  Steve Thomas, Senior Consultant, Microsoft
  App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat
  http://blogs.technet.com/gladiatormsft/
  The App-V Team blog: http://blogs.technet.com/appv/
  The MED-V Team Blog: http://blogs.technet.com/medv
  The SCVMM Team blog: http://blogs.technet.com/scvmm/
  “This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks.”