May 18

Converting Microsoft Azure SQL Server Databases to SQL Elastic Pools to Share Server Resources

Microsoft SQL Server Databases on the Azure Cloud

Microsoft Azure lets you economically and quickly host enterprise quality SQL Server databases in the cloud. The cost of each database is relatively modest.

Managing Resources and Costs for Individual Databases

However, as you add more databases, larger databases, and/or databases that require more resources, costs increase. Providing more resources to a database is helpful when it demands it, but when users aren’t on it or during non-business hours, it may be wasted capacity. Even during business hours, one can have some databases being utilized more than others at unpredictable levels.

Pooled Resources Across Multiple Databases

Fortunately, Azure offers an Elastic Pool option to share resources across multiple databases. If the demand on your databases is inconsistent (spiky), you can provide a high level of capacity that’s available to the most demanding database while allowing other databases to share those abundant resources when needed.

  • You no longer need to set the limits of each database,
  • You are not charged a per database monthly fee which is great for supporting lightly used databases.

Migrating Existing SQL Server Databases to Elastic Pool

Microsoft provides information on SQL Elastic Pools but does not explain how to convert existing databases to an Elastic Pool.

FMS President Luke Chung wrote a new paper with step-by-step instructions on how to convert existing SQL Server databases on Azure to an Elastic Pool without the need to change the database connection strings:

Converting Microsoft Azure SQL Server Databases to SQL Elastic Pools to Share Server Resources

Here’s more information on Designing and Deploying Microsoft Azure Solutions

May 10

Remote Desktop Authentication Error Has Occurred. The function requested is not supported. CredSSP Workaround

Remote Desktop Connections Fail

Starting May 9, we received many reports of Remote Desktop connections failing globally. Users received error messages like this when they tried to remote to machines they connected to successfully for a long time:

Remote Desktop Connection Error

An authentication error has occurred.
The function requested is not supported

Remote computer: <computer name>
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

The link goes to this page, https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018, which explains the Credential Security Support Provider protocol (CredSSP). It offers extensive information on a series of updates since March 2018. It recommends some steps, but it isn’t clear what those changes are, or whether network administrators need to make them globally via group policies or via group policies on every PC and VM.

Caused by a Microsoft Security Patch

The Microsoft Security patch issued on Tuesday, May 8th triggered the problem by setting and requiring remote connections at the highest level (CredSSP Updates for CVE-2018-0886):

Security update deployment information: May 08, 2018

It changed the default setting from Vulnerable to Mitigated, which means that any PC using CredSSP is not able to use insecure versions. If your PC received the May update but the target PC hasn’t implemented the CredSSP update, your PC receives the error message when it tries to connect to that PC.

The automatic Windows patch to raise the security level is not implemented if the PC doesn’t allow automatic updates. This mismatch between the implementation of a security requirement (which is not optional) without the corresponding automatic update may be the source of this problem.

However, there are many situations such as development, testing, build, staging, and deployment environments which require a stable environment that would be destroyed by automatic Windows updates.

We continue to research this.

Symptoms

The symptoms are rather strange because we found that some machines successfully connected while others didn’t.

For instance, we had a Windows 7 machine that hosted Remote Desktop. A Windows 7 PC had no problem connecting to it, but the same user connecting from a Windows 10 machine failed when that was never an issue before and the host machine allowed remote connection for years.

There are also reports of problems with Windows 10 machines connecting to Windows 10 machines, and people locked out of their Azure VMs.

Workaround Solution

One could roll back the security update, but rather than risking other security problems, there’s a quick fix.

Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.

From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”:

From Windows 7, it’s setting the option to the Less Secure option rather than More Secure:

Once these are set, users can remote to the machine again.

Microsoft Comment

Based on this blog post, a Microsoft colleague told us this:

“I double checked the Windows bug database and they are aware of the problem. No ETA on a fix yet unfortunately. Your workaround is what’s suggested to temporarily get around the error, although it is not suggested as a long-term fix.”

Alternative Solutions

This section was added after our initial workaround and is based on the experience of many users struggling with this problem.

The problem is often caused because the local machine is patched with the Windows Update and the machine it’s connecting to is not patched for the CredSSP issue. If both systems were patched then this error would not occur.

There are two options:

Update the Target Machine

Update the target machine with the patch for the CredSSP issue (preferable).

Update the Local Machine

In many cases, you don’t have the option to modify anything on the target machine. You may even be prevented from modifying your own machine, but assuming you have administrator rights, you can change the Group Policy on your local machine to use the Vulnerable setting.

Big picture, it’s ridiculous to lower one’s security settings to connect to a machine that wasn’t updated. It would be much better if it prompted or automatically connected to lower level machines without turning off the higher security level for everything else. All it takes is one target machine that you can’t modify to force this change on your machine. But at least you can get your work done.

  1. Run “gpedit.msc” to edit group policy, or from Windows Start, enter “Group Policy” and select “Edit group policy”:
    1. Windows 10
    2. Windows 7
  2. From the treeview, choose Computer Configuration -> Administrative Templates -> System -> Credentials Delegation
  3. Select “Encryption Oracle Remediation” from the right pane (if it’s not there, it probably means your machine wasn’t patched):
  4. Enable and set the Protection Level to Vulnerable:
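
Both workarounds above leave a machine at a lower security level until someone sets it back, so it helps to be able to read the two settings back. The following PowerShell is an added example, not part of the original post; it assumes the `AllowEncryptionOracle` registry value documented in Microsoft's KB4093492 and the standard `UserAuthentication` value on the RDP-Tcp listener, and it only reads the registry of the machine it runs on.

```powershell
# Added example (not from the original post): report whether this machine is
# still running with either workaround described above. Read-only.
# Assumed registry locations:
#   CredSSP policy : AllowEncryptionOracle, as documented in Microsoft KB4093492
#   NLA requirement: UserAuthentication on the RDP-Tcp listener

$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$RdpTcpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Protection Level names as shown in the "Encryption Oracle Remediation" policy
$LevelNames = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-RdpWorkaroundStatus {
    $oracle = Get-RegistryDword -Path $CredSspKey -Name 'AllowEncryptionOracle'
    $nla    = Get-RegistryDword -Path $RdpTcpKey  -Name 'UserAuthentication'

    # Translate the CredSSP value into the name used in the policy editor
    if ($null -eq $oracle) {
        $level = 'Not configured (default of the installed update applies)'
    } elseif ($LevelNames.ContainsKey($oracle)) {
        $level = $LevelNames[$oracle]
    } else {
        $level = "Unknown value ($oracle)"
    }

    # UserAuthentication: 1 = NLA required for inbound connections, 0 = not required
    if ($null -eq $nla) {
        $nlaState = 'Not set'
    } elseif ($nla -eq 1) {
        $nlaState = 'Required'
    } else {
        $nlaState = 'Not required'
    }

    $findings = @()
    if ($oracle -eq 2) {
        $findings += 'Encryption Oracle Remediation is set to Vulnerable: set the policy ' +
                     'back to Mitigated or Not Configured once the target machines are patched.'
    }
    if ($nla -eq 0) {
        $findings += 'Network Level Authentication is not required for inbound Remote Desktop: ' +
                     're-enable it once the connecting clients and this host have the CredSSP update.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'Neither workaround is in effect on this machine.'
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        CredSspProtectionLevel = $level
        NlaForInboundRdp       = $nlaState
        Findings               = $findings -join ' '
    }
}

Get-RdpWorkaroundStatus | Format-List
```

If the Vulnerable level was set through the Group Policy editor as in the steps above, change it back in the same editor; the registry value is rewritten from the policy on the next refresh.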

Hope this helps.


Additional Problem: Cannot Connect via VPN

We’ve discovered problems with VPN connection if the PC has Remote set to the higher security level.

The network connection fails with error: Cannot load the Remote Access Connection Manager service. Error 711:

Lower Your Remote Desktop Security to have the Security to Make the VPN Connection

Apparently, the Remote Desktop setting on the client side impacts its ability to connect via VPN to the host side.

By lowering the setting to less secure for others to connect to the PC, the PC can now successfully connect to the VPN. What a mess.

Additional Discussions

I’ve also been involved in other online discussions:

Summary

It’s late August, and it’s shocking that this problem remains after so many months. I am extremely frustrated by the Windows update policies and Microsoft’s inadequate testing before these security patches are deployed. This is very disruptive and dangerous to many organizations trying to fulfill their missions expecting their PCs to be reliable.

Microsoft security “purists” claim the current approach is necessary to address the serious threats facing users. I guess it wouldn’t be an issue if the updates worked without disruption. However, the downside of this medicine may exceed the illnesses they are trying to prevent.

Hope you are able to resolve this and move on.


Additional Remote Desktop Connection Resources

Apr 23

Microsoft Azure SQL Server Usage and DTU Limit Resource Graphs are Confusing


Microsoft Azure lets you easily create and deploy enterprise quality SQL Server on the cloud and scale it to suit your application’s needs. From the SQL Server database’s Azure dashboard, you can see the Database Transaction Unit (DTU) usage against the specified DTU limit for the database.

One Hour Usage Graph

This is what we saw for usage over one hour. The cyan line across the top is the DTU limit. The dark blue line is the DTU used. The limit is what you pay, so it’s important to scale it to what the application needs.


One Hour Azure SQL Server DTU use versus limit

While everything seemed fine at the weekly level, looking at the hourly graph gave us a shock. It looks like the database is maxed out for most of the hour. It seems conclusive that we need to increase our DTU level.

65 Minute Graph

But when we set the range to 65 minutes, we saw this:

65-minute Azure SQL Server DTU use versus limit

These are completely different displays of the same period of time. The 65 minute graph never hits the maximum DTU. What’s going on?

Visit our page Monitoring SQL Server Usage on Microsoft Azure and Setting DTU Limits for an explanation.

Apr 12

What Happened When We Created a Facebook App for Social Network Analysis

Facebook and Mark Zuckerberg are getting blamed for a large number of issues from promoting fake news, election fraud, mishandling user data, and profiting from selling user data.

While some of that may be true, the Facebook security breach is actually a violation of Facebook API licensing rules by the people who used it. Facebook provided the data and encouraged developers like us to create innovative solutions for the Facebook ecosystem. They weren’t selling the data. They weren’t even charging us to use it.

Our Facebook App with Social Network Analysis and Maps

In 2010, we created a Facebook application using our Sentinel Visualizer technology to perform Social Network Analysis (SNA) based on a user’s friends’ friends. It would automatically cluster friends so you could quickly see their groups (high school, college, work, family, in-laws, clubs, etc.).

Facebook Social Network Analysis App of Clustered Friends

Each box (picture) was one of your friends, and you could move them around the network, hover over them to get their info, or click on them to go to their page.

We also plotted friends on a Microsoft Bing Map making it easy to see who were near you or where you were visiting.

Plotting Your Friends' Locations on a Map

We launched our free Sentinel Visualizer Facebook App to a limited number of users and it started to gain followers. People were amazed to see which of their friends knew each other. The application started to go viral. We were having trouble supporting the traffic.

Not Allowed to Save Facebook Data

One of the things developers couldn’t do was to save Facebook’s data. All we collected were the user names and email addresses people provided when they registered our program. Unfortunately, other developers didn’t abide by Facebook’s terms and the data improperly got to Cambridge Analytica and others.

Facebook Stopped Making the Data Available

Our app ceased to work when Facebook limited their APIs and prevented our ability to get to the list of your friends’ friends among your network.

It’s not entirely Facebook’s fault for trying to spur innovation by sharing their data for free. Some developers violated the trust Facebook gave them.

The Full Story

Here’s our new web page describing our experience in detail:

Mar 20

Microsoft Access/Office Resources

There are many online Microsoft Access resources available from the Access and Office teams.

New Microsoft Access Tech Community Site


This is the Microsoft Access development team’s community site that’s integrated with the Access program. Expect to see more and more information and discussions here:

Microsoft Access Tech Community Site

Online Microsoft Access/Office Training


Online training videos from Microsoft are available for most Office products.

Online Microsoft Office Training

Click on the Access icon to see the Microsoft Access training videos, or go directly to:

Microsoft Access Training Videos

Microsoft Access Help Center


The documentation team manages this site for MS Access documents and online help.

Microsoft Access Help Center

Old Microsoft Access Support Team Blog


This Microsoft Access blog site is being retired but still has relevant information.

Become an Office Insider


If you have an Office 365 subscription, and want to get the latest builds of Office/Access, become an Office Insider.

Sign up from the PC that will host the insider version. Of course the insider version is not ready for prime-time, so don’t use it for your development or production environment.

Office Insider Sign-up

Feb 21

Microsoft Access Version Comparison Matrix

Microsoft Access debuted in 1992 and recently celebrated its 25th Anniversary! Over the decades, Microsoft Access evolved with a large number of enhancements, database formats, features both new and old, and discontinued features.

It’s hard to remember all the changes. Fortunately, we created a comparison matrix that shows the different Microsoft Access versions and changes. See when versions were released, their latest service packs, database formats, linked tables, field types, security features, Windows Operating Systems, and many other features both new and old.

Visit our page: Microsoft Access Version Features and Differences Comparison Matrix


Feb 21

Total Access Statistics Updates for Access 2016, 2013, 2010, 2007, and 2003

New versions of Total Access Statistics are available for Microsoft Access 2016, 2013, 2010, 2007, and 2003.

Enhancements:

  • 2016, 2013, 2010, 2007, and 2003 Versions:
  • Adjusted treatment of null values as missing values rather than zero
  • Updated digital signature for Runtime MDE (for MDB databases)
  • Enlarged the field selection forms

For more information, visit:

Existing Total Access Statistics owners were notified to download the update.

Feb 07

Missing FBI Text Messages: Sean Hannity Radio Show

Introduction

FMS President Luke Chung was invited on the Sean Hannity Show to discuss the technology behind text messages: how they work and how they are archived.

Below is the transcript from the interview followed by some comments on the story and how to avoid problems with data backup and disaster recovery.

Background

The FBI claimed to lose backups of text messages between FBI agent Peter Strzok and FBI lawyer Lisa Page between December 14, 2016 and May 17, 2017.

Radio Show

On January 22, 2018, Luke Chung was on the radio show with Sean Hannity and Andrew Ziem. The three of them discussed the technology behind the ability to retrieve text messages that were deleted. Luke commented specifically on:

  • How text messages are stored on a sender’s/receiver’s device, unlike emails which are stored on a central server.
  • The ability to retrieve an email that has been deleted is more likely than trying to retrieve a text.

Here’s the audio from the show:

Luke’s segment starts at the 3:28 mark to about 5:18. The discussion wraps up around the 7:12 mark.

Sean Hannity [0:01 – 2:34]: The bigger story today… how do we retrieve five months’ worth of text? Andrew Ziem’s the founder and lead developer of BleachBit. Luke Chung is the president of FMS inc and both are well-versed in the retrieval in the forensics of getting information back that is quote “been deleted”. Thank you both for being with us. Andrew Ziem it sounds like maybe a little bit of BleachBit was used here. Is that possible to use on an electronic device?

Andrew Ziem: BleachBit itself isn’t compatible with a mobile device but there are tools that are similar to that. And even regardless of using that tool, just the fact that so many months have gone by, I know it’s been it’s been well over half a year since May 2017. Even just using the device on a daily basis is going to slowly erase text messages by overriding the data.

Sean Hannity: Well I want to, Luke Chung we’ve talked to you many many times before. Why is it this very critical five-month period they’re missing all those texts? Considering you know this is the crucial period of time. Does that sound like an accident to you? It doesn’t to me.

Luke Chung [3:28]: Well thank you very much for having me back on again Sean. The technology here is different from emails. Emails are stored in a central server and are much more permanent. Text messages are on the sender’s device. They go to a Telecom company, which then forwards to the recipient’s [Telecom company and] device. Usually, the Telecom throws it away soon after they make that connection. So, there’s no permanent centralized storage with text messages.

Sean Hannity: So, if they subpoena the Telecom company it will probably be a waste of time.

Luke Chung [3:55]: Right, because they have no reason to store billions of text messages. Once you get it on your phone, why would they ever need to hold it for you? It’s not like an email.

Sean Hannity: So, how, what are they usually saved for? Three days in rotation?

Luke Chung [4:05]: It is usually saved to the extent that they send a message through. So, for instance, if the recipient’s phone is off, the text message isn’t lost. You know, Verizon or AT&T or whoever is holding on to that message waiting until it can send it through. And once you connect, it gives you the message. Some services may provide a way to deal with text messages on their website so you don’t even need a phone. So that would depend on what those people are doing.

Sean Hannity: But the likelihood that the Telecom company has all those are negligible, you’re saying.

Luke Chung [4:33]: I would presume so, because there’s no reason why they would want to keep it. Once they send it through, why would they? I mean it’s just a waste of space for them.

Sean Hannity: What about forensically the phone itself or the device itself?

Luke Chung [04:45]: Correct, so the phones, the sender’s phone and the recipient’s phone would have those messages to the extent that they don’t delete them.

Sean Hannity: Okay, if they delete them?

Luke Chung [4:52]: If they delete them, then they would/could be on the little hard disk, for as mentioned before, they would probably be overwritten over time.

Sean Hannity: And over time means that probably long gone considering the time period that we’re talking about is 12/14/16 to May 2017.

Luke Chung [5:07]: Right. I mean they probably have different phones.

Sean Hannity: What about we keep hearing from Bill Binney and others that every text every email that we send is metadata stored in places like Salt Lake City. Is that possible?

Luke Chung [5:18]: Well you can ask the NSA what they store, I would not know what they store.

Sean Hannity: Alright, Andrew what if they erased it on their phone but they have the phone. Would it be retrievable?

Andrew Ziem: Yes, step one would be trying to get access to both of those phones. Making sure we’ve got the password or whatever to unlock the phone. While it is still not super likely that every single message is there. It’s possible and likely if they didn’t intentionally wipe them clean with something like BleachBit, it’s possible that some of the messages are there. So, I think it’s definitely worth a shot to do forensic analysis on the phones.

Sean Hannity: Well, they had to get all the other text messages and then they… As soon as the special counsel was appointed on May 17th. Boom. They find the text again. It literally was gone in this crucial… it sounds like Watergate and what was it, the missing 18 minutes of erase tape.

Andrew Ziem: It’s super fishy.

Sean Hannity: It’s super fishy. What about emails? Is it the same, Luke? With email servers like you use Gmail, or MSN, or AOL, whatever. I mean do those emails get saved by those providers?

Luke Chung [6:12]: Emails get saved by those providers because they are running a server type solution. You can get your email from multiple devices, so it’s not [just] stored on the individual device. It is stored centrally.

Sean Hannity: And how long do they keep them for?

Luke Chung [6:23]: Well, they can keep them, I mean if you don’t delete an email message, they’ll keep them forever. Often times, even if you delete a message like Gmail, they would still store it and have it available in the [trash folder]…

Sean Hannity: They store it in perpetuity?

Luke Chung [6:36]: That’s the agreement that you make with Google. What they do with it is kind of their business.

Sean Hannity: So, the answer is we don’t know if they’d be able to retrieve an email.

Luke Chung [6:44]: Right. An email would be much more likely to be retrievable, because you can go to the server and get it. There’s no such thing as a text message server.

Sean Hannity: But considering it’s the five critical months in question here. That these that the text messages are missing and then they just mysteriously reappeared the day after the special counsel’s appointed. Do any of you, does that pass the smell test for any of you ’cause it doesn’t for me.

Andrew Ziem: It’s hard to explain another way Sean.

Sean Hannity: In other words, it was an 18-minute Gap in the Watergate tapes. It doesn’t meet the smell test that they weren’t erased on purpose, does it?

Luke Chung [7:12]: I mean I would need, you know, I don’t have the data to be able to look at that. I guess there are two parts of this. One would be to see who owns those phones. Are those FBI phones and were similar things happening to other FBI phones at the time or was it specific to these two people’s phones, right?

Sean Hannity: Yeah, it’s unbelievable. Alright, I want to thank you both. Andrew, thank you. Luke, thank you. Good to talk to you again.


Follow Up Notes

The FBI disclosed that the text backups they were making depended on software installed on each smartphone which encountered problems as the app and smartphone operating systems were updated. The backups were lost for a large number of FBI devices, and not just these two individuals.

Later, the FBI were able to recover the messages.

Lessons Learned

Data backup is critical to most organizations and may be required by law. Unfortunately, people don’t realize system administration tasks like data backup and disaster recovery aren’t working until they need it. Backups may seem like they are successfully running for weeks, months and years without someone verifying everything is working.

Failures could be intentional, but it’s usually a process breakdown or human error. Sometimes, it’s a budget driven issue since old backups (tapes, hard disks, etc.) get reused and older backups get overwritten.

We recommend:

  • Defining an acceptable data retention policy
  • Designing the processes to implement it
  • Budgeting the resources to support it
  • Testing the scenarios to validate the processes are working

Keep in mind there’s a difference between data backup/recovery versus business continuity and disaster recovery. See our paper on Creating a Backup and Disaster Recovery Plan for Microsoft Access Database Applications for some ideas.

Additional Resources

Nov 28

Microsoft Access is 25 Years Old!

Microsoft Access is celebrating its 25th year this month. It’s an amazing accomplishment for a software product to be so successful for so many years. We at FMS were there since the beginning.

Read our first hand, historical account of watching Microsoft Access take over the Windows desktop database market, and how we became the world’s leading 3rd party developer of Microsoft Access products.

Discover how we watched MS Access rise from nothing to the leading Windows desktop database application. This directly caused the implosion of Borland International which previously dominated the desktop database industry. Witnessing this in person was an amazing experience of how quickly technology can change established, large software businesses.

This article was originally published by Microsoft on their website for the 10 Year Anniversary Celebration of Access (October 2002)

The video is from the November 1992 COMDEX conference where a very young Bill Gates personally announced the debut of Microsoft Access. He remains a big fan of Access and was actively involved in its design and development.

Nov 07

Microsoft Access DevCon 2017 in Vienna, Austria

FMS Inc. founder and president, Luke Chung, was invited to speak at the Access developer’s convention in Vienna, Austria April 1-2. Luke provided his insight on

  • The Access Challenges that developers like himself face
  • How Access has changed and evolved over the years,
  • Demonstrations of many of FMS Inc.’s products and their features.

Luke Chung

Along with Luke’s presentations, DevCon saw Microsoft Access Team members Michal Bar and Mike Sullivan, who gave overviews of Access 2016 and what is coming in the future. Thomas Pfoch, from picoware, showed new features relating to treeview customization. Peter Bryant, from Corylus Business Systems, provided insight in communicating with JSON Services. Microsoft Access MVP, Juan Soto, spoke about Optimizing Access with SQL Server. Danish Microsoft Access MVP Andres Ebro provided techniques and tricks to help with image handling, classes, and using reports inside a form. Paul Rohorzka of TechTalk presented automated testing of Access applications. Kevin Bell of COMC shared his thoughts on tools to extend Access development.

The conference was a great, informative success! The event, organized by Microsoft Access MVP Karl Donaubauer, was sold out! FMS Inc. was grateful for the opportunity to meet and present for all of those in attendance.

The opportunity to view the presentations from the event is still available for all who could not attend, or for those who would like to view them again. You may download the videos for a modest fee here: Access DevCon 2017.

Additionally, due to the enormous success of the event this year, 2018 will host the 2nd Access DevCon Vienna on April 7-8. To stay updated on the event for next year, make sure to check out Karl’s page about the event! Access DevCon 2018