Friday, October 27, 2006

Making a MacBook Pro my development machine, or Joining a Windows Server 2003 SP1 Parallels virtual machine to Active Directory

As I casually mentioned in my last post, work got me a MacBook Pro Core Duo to replace the aging IBM ThinkPad T42 I came to loathe on a daily basis.

Why the Mac? Easy, it runs Windows and OS X if we decide to support OS X in the future, and it came in $100 cheaper than an identically configured new Lenovo ThinkPad with our supposedly steep corporate discount, and no I am not kidding.

So how am I going to work? That was kinda the mystery part. I wasn't sure if I would use Boot Camp or Parallels, but the intention was to start using Parallels with a safety net Boot Camp partition for testing at full speed

I was also taking time with this change to move over to Windows Server 2003 SP1 because of work I have been doing on Approver.com. I did the equivalent of 40 hours worth of work on a feature that is basically in stasis because Jeff and I couldn't get it deployed since the config is so different between IIS 5.1 and IIS 6 for the feauture I built. I promised I would never let that happen again, for a work or side project, and just develop everything under IIS 6.

So I installed Win2K3 R2 SP1 in Parallels Build 1940 for my work VM, and then tried to join it to the domain and then I wait and wait until I see The remote procedure call failed and did not execute. I was stunned, fear stricken actually, that my whole scheme of using the MacBook Pro with OS X and Parallels had just gone up in flames. It took me a week of testing, Googling, forum crawls, and a fair bit of praying, but I finally cracked the problem.

You can read my Parallels Forum Post, I am murdocdv, for the solution, but I will repeat here. Windows Server 2003 SP1 changes the way RPC packets are formed to increase performance. The details are in this MS KB article. This change though causes some VPN and firewall software to block the RPC packets because it doesn't understand them, and it dawned on my at some point that perhaps the way Parallels bridges the OS X networking to the guest VM networking is close enough to a VPN connection that the hotfix and registry change in the KB article might allow Win2K3 SP1 to join the domain. That is exactly what happened, but you have to follow the directions exactly. Install hotfix first and reboot, then change registry and reboot, then join domain. Not having W2K3 in the domain would have been a dealbreaker, so I am exremely relieved to have fixed this problem.

Update
Parallels Desktop 3.0 Build 5608 still has the domain joining issue, at least for me. You still have to manually change the way Windows Server 2003 Service Pack 2 (SP2) RPC works to disable RPC negotiation. I forgot about this issue for a few hours before using the right terms in Google the other day. Actually, I think I had eliminated this from the probability matrix for troubleshooting my domain joining problem because surely, *surely*, Parallels had updated their networking stack to work with RPC negotiation, but I was wrong. Also, I misremembered the Knowledge Base article. I thought that with SP2, the don't negotiate behavior was going to be the default, wrong again. I am probably going to have to print out this KB article and hang it on the cube so I don't forgot again :-)