SBS - CEICW - Web Services Configuration Choices

At one point during the Configure Email and Internet Connection Wizard, we get to choose which services are exposed to users that logon to the Remote Web Workplace:


The following are the choices:

• Outlook Web Access: Direct Outlook Web access via www.mysbsserverdomain.com/exchange
• Remote Web Workplace: The Web site we use to access internal SBS resources via www.mysbsserverdomain.com/remote
• Server performance and usage reports: For anyone given permission to see the reports via the Reports and Monitoring Wizard, they will be able to click on the link in RWW, logon, and view the reports live.
• Outlook Mobile Access: Permission to configure your Windows Mobile device to synchronize with Exchange for email, contacts, appointments, tasks, and more from anywhere.
• Outlook via the Internet: Allows Outlook 2003/7 to connect to Exchange via RPC/HTTPS.
• Windows SharePoint Services intranet site: The Companyweb internal site made available via RWW. A logon may be required.
• Business Web Site (wwwroot): Setup a Web site such as www.mycompanysite.com to be hosted on the SBS box (not recommended).
• Allow access to the entire Web site from the Internet: This is not recommended at all as everything in and under the Default Web site will be accessible via the Web!

The Configure Email and Internet Connection Wizard is probably one of the most important wizards in SBS. Understanding the mechanics for how the wizard goes about configuring the various components is not required. It is, however, imperative that we understand all of the available choices to us as we run through it in order to make the proper decisions.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Blog error and apology

When I was in the process of putting together the SBS CAL post yesterday, I clicked on the Link to in his post.

I clicked publish thinking that it would give me an URL inserted into the current post I was working on, instead it published the link to the blog itself.

My mistake there, and my apologies to Chris, I have since removed the mistaken post from the blog.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

System Builder Tip: Asus P4C-800 3Com NIC Install

The P4C-800 was the very last Asus board we ever sold.

We had a bunch of systems built around the boards and pretty much all of them came back.

Therein lies the reason behind our conversion to Intel only for our system products.

Here, we are rebuilding a system based on a P4C-800.

The NIC driver will not install. It is the 3Com 3C940 based on board adapater. No matter what we try, it just is not happening.

Here is what we came up with:

1. Regedit
2. HKLM\System\CurrentControlSet\Enum\PCI
3. Find the Ethernet properties - VEN_1148&DEV_4320...
4. Right click on the key and Permissions
5. Add yourself with Full permissions
6. Find and modify CompatibleIDs by adding the line: VEN_10B7&DEV_1700
7. Modify the HardwareID by adding the line: VEN_10B7&DEV_1700
8. Close RegEdit
9. In Device Manager uninstall the Ethernet Adapater
10. Rescan for hardware - right click the computer at the top and "Scan for changes..."
11. Select Advanced and choose the 3Com driver yourself from the CD
Do not reboot the system during this process. Just delete the adapter and install the 3Com drivers from there.

And, if it is important, such as in the case where the computer is directly connected to an ISP that registers the MAC address, they come up as all zeros. So, one needs to set the MAC address for the NIC too.

1. Right click on the NIC and Properties
2. Click the Configure Button
3. Advanced Tab
4. Network Address
5. Click the radio button beside the data and enter: 02-60-8C-AA-BB-CC
• The last three numbers can be made up. the 02-60-8C is 3Com's vendor code.

Once those two settings have been taken care of, one is good to go!

Thanks to advil about half way down page 2 for this: P4C 800 Deluxe Lan not working.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Lost CAL recovery or reset CAL count to 5

Chris Knight mentions a situation where his SBS server had its CAL count reset to 5: Small Business Server 2003 - The Dreaded 5 CAL Reset Issue.

The following KB refers to the methodology to recover your CALs if they were somehow lost as was the case in Chris' case:

Microsoft KB 888818: The number of client access licenses may be reset to five in Windows Small Business Server 2003.

If none of the methods in the KB article can work for you, then there is a fall back: The autolicstr.cpa backup licensing file that is created by SBS.

To recover your CALs via this file:

1. Stop the License Logging Service.
2. Rename the existing licstr.cpa to licstr.cpa.old
3. Copy the autolicstr.cpa to %Windir%\System32
4. Rename the autolicstr.cpa to licstr.cpa
5. Restart the License Logging Service.

One only has to verify that the existing licenses are back by opening Licensing in the Server Management Console.

There is another good use for this information: For one who has setup the server, and installed the CALs as the wrong type. Indicated Device CALs instead of User CALs or vice versa?

Stop the License Logging Service, rename both autolicstr.cpa and licstr.cpa, restart the License Logging Service, and open the Licensing in the Server Management Console.

You will get a 1016 error in the event viewer when the service cannot find the license file, but it will create a new one back at the default of 5.

When you go to reenter your CALs as the correct type, keep in mind that the online method of registration may not work. You may need to call into Microsoft to register the CALs.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista - BitLocker caveat - Or maybe not?

Looking forward to incorporating full encryption via the new Windows Vista BitLocker Drive Encryption? We are, and so are our clients who have a huge exposure with client data on all of their laptops.

EFS was not a foolproof option. BitLocker is.

However, a little beforehand research is in order.

One needs to have at least two (2) volumes created before installing Windows Vista.

At least that is how it reads until about the middle of the Help article where it states that if you only have one volume, you can use the BitLocker Drive Preparation Tool to "help get your system ready for BitLocker by creating the required second partition".

From the Windows Vista Help for BitLocker:

Set up your hard disk for BitLocker Drive Encryption

Before you can turn on BitLocker Drive Encryption you need to make sure that your computer's hard disk has the following:

At least two volumes. If you create a new volume after you have already installed Windows, you will have to reinstall Windows before turning on BitLocker [emphasis ours].

One volume is for the operating system drive (typically drive C) that BitLocker will encrypt, and one is for the active volume, which must remain unencrypted to start the computer. The size of the active volume must be at least 1.5 gigabytes (GB). Both partitions must be formatted with the NTFS file system.

Note

The terms partition and volume are often used interchangeably. On most computers, they are the same: one partition equals one volume. On larger computer systems, however, it is possible to have a single volume span several partitions. BitLocker installs on a simple volume, where one volume equals one partition.

If you do not already have two partitions, you can use the BitLocker Drive Preparation Tool to help get your system ready for BitLocker by creating the required second partition [emphasis ours].

If you are using Windows Vista Ultimate, you can download and install the BitLocker drive preparation tool from Ultimate Extras. Download and install the Ultimate extra called BitLocker and EFS enhancements. After you have installed this tool, type BitLocker into the Start menu search box, and then double-click BitLocker Drive Preparation Tool to run the tool. After the tool runs, you must restart your computer before turning on BitLocker.

If you are using Windows Vista Enterprise, you can get the BitLocker drive preparation tool through these standard support channels:

Microsoft Volume Licensing Services

Microsoft Services Premier Support

Additional information about the BitLocker drive preparation tool is available in Knowledge base article KB# 930063.

If your computer meets these requirements, you can turn on BitLocker.

To turn on BitLocker
Click to open BitLocker.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Click Turn on BitLocker.

Follow the instructions in the BitLocker Setup wizard.

From the above mentioned Knowledge base article:

How to obtain the BitLocker Drive Preparation Tool

Windows Vista Ultimate

If you are using Windows Vista Ultimate, follow these steps to obtain the tool:

1. Click Start, type Windows Update in the Start Search box, and then press ENTER.
2. Click Check for updates.
3. Click View available Extras.
4. Click to select the BitLocker and EFS enhancements check box, and then click Install.

We don't have a free system with a TPM at the moment. So, we won't be able to run through the setup procedure to figure out just what is up.

To the Windows Vista team that wrote this particular Help item, please clarify whether we need to have two partitions/volumes before we install the OS or not. The above Help article certainly, at least in our opinion, doesn't make things clear.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Product Review: HP ScanJet 5590 - Error 23

Not much to review. How is that?

Because we have had a dismal record with them. We are batting close to 80% fail rate on the ones we ordered - all within a short period of time.

Error 23 flashing on the display seems to be the common thread. That error indicates a lamp failure. Sometimes a power cycle will bring the unit online, in many cases it may take several. And, in some cases it may never come back. It seems to be a common problem with these scanners.

We have had our issues with HP product in the past. We will never install an HP optical drive in our systems. Ever! Talk about grief ... if it wasn't burning properly, it would constantly require firmware updates.

Just recently, we received an HP DVDRW drive that was seemingly labelled a Lite-On when we ordered it. We figured we would give it a chance. It would not read any of the TechNet DVDs. It was not a reliable burner. So, out the door it went ... into recycling.

Remember the USB duplex issues with the 2400 series LaserJets? Ouch! We began to cringe when we saw who was on the Call Display. :(

It was always a firmware related error code 42.Fxxx or something like that.

Those ones hurt as we sold a whole bunch of them when they first came out. Firmware after firmware update did not resolve the problems. HP even sent us replacements! And they too had the same problem!

In 99.9% of the cases we installed a network switch to split off the one network connection for the PC and printer. We then statically assigned an IP to the printer, and gave the person using it print and manage access. No one else on the network could print to it. That avoided whatever goof up in the firmware when it came to duplex a print job that came to the printer via USB. But, we had to go through a lot of pain before we figured that one out.

So, it is late, and the scan job that needed to get done, won't. The HP 5590 is just not cooperating. If our supplier won't RMA it, we will just write it off and send it off to recycling. :(

Looks like we will be moving over to Epson or another suitable replacement product for our scanning needs.

Any recommendations? We need ADF with duplex as we scan a lot of documentation for archival purposes.

Other than the driver issues on Windows Vista, HP seems to have done a decent job on the recent models of LaserJet and MFP printer units.

By the way, we did try HP's online support chat for the scanner. That did not work out too well either.

Ultimately, they seemingly have pointed to a "software problem". :8(

Yet another *sigh*

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS & Windows Vista - Group Policy Team Survey

Hey folks, here is a way to let the Group Policy team know what we have been doing with Windows Vista Group Policy on SBS.

From the Windows Vista Blog: Give the Group Policy team your feedback.

The Windows Vista Group Policy Survey is here.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

System Builder Tips: Intel S3000AH "PCI Device" and "PCI Serial Port" Unknown in W2K3

There is an issue for the S3000AH Intel server boards with Windows Server 2003 or SBS 2003 installed.

From Intel's site:

Intel® Server Board S3000AH
Two Unknown Device Under Microsoft Windows* Device Manager

On Microsoft Windows*, after installing all the drivers (onboard LAN, video and chipset), Microsoft Windows* Device manager is showing two devices - "PCI Device" and "PCI Serial Port", each of which has a yellow question mark.

The devices "PCI Device" and "PCI Serial Port" are the components of Intel® Active Management Technology(iAMT). iAMT is not available without driver installed for these two devices. The .inf file for these devices are included in the LAN driver package (10.4 or later), rather than the Intel® Chipset Driver Package.

There are two ways to resolve the warning:

On LAN driver package 10.4 or earlier releases :

(1) Manually install the iamt.inf for the devices. Extract the LAN driver package, select the "PCI Device" in Microsoft Windows* Device Manager and direct Windows to find iamt.inf in the \platform\IntelAMT\Drivers\WS03XP2K (for IA32) or \platform\IntelAMT\Drivers\WS3XPX64 (for EM64T). This will install the iamt.inf. Do same steps for "PCI Serial Port" device.

or

(2) Run the setup utility provided for the LAN driver package in \apps\setup\SETUPBD. This will install the LAN drivers and the iamt.inf. Alternatively, you can install the LAN drivers, PROSET software and iamt.inf file from \apps\PROSETDX.

On LAN driver package 11.0 or later releases :

(1) Manually install the iamt.inf for the devices. Extract the LAN driver package, select the "PCI Device" in Windows* Device Manager and direct Windows to find iamt.inf in the \PLATFORM\IntelAMT\Drivers\Win32 (for IA32) or \PLATFORM\IntelAMT\Drivers\Winx64 (for EM64T). This will install the iamt.inf. Do same steps for "PCI Serial Port" device.

or

(2) Run the setup utility provided for the LAN driver package in \apps\setup\SETUPBD. This will install the LAN drivers and the iamt.inf. Alternatively, you can install the LAN drivers, PROSET software and iamt.inf file from \apps\PROSETDX.

Intel's Site: Intel® Server Board S3000AH - Two Unknown Device Under Microsoft Windows* Device Manager.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Windows Vista - QuickBooks still doesn't work properly.

This post may come across as somewhat cranky ... as it has been months - no years - since Intuit has had an opportunity to get their QuickBooks product to work properly on Windows Vista RTM as well as the Beta 1 and 2 versions!

We support a number of small to medium size accounting firms so we provided the initial troubleshooting to get things running. We also run our business on QuickBooks, so much of the troubleshooting was done at our expense.

So, what does the small accounting firm that works very occasionally with an outside I.T. support firm supposed to think when they are installing QuickBooks 2007 (QBs) for the first time and see this:

There was a problem accessing the Fonts section of the Registry.

So, off to the QuickBooks support site they go, and, all the person would come up with when searching the QuickBooks Support site?

This:

Nada, nothing, zippo. Click on the link and one is taken to the general support pages related specifically to QBs on Windows Vista.

We see that error every time we install QuickBooks on a client machine with Windows Vista installed. So, after all of this time, why isn't there a support page to at least assuage the user's fears?

Okay, so, they clicked OK, and now have their QuickBooks product installed. After the mandatory reboot, the user double clicks on their QBs icon and low and behold:

QuickBooks - Unexpected Error

QuickBooks has encountered a problem and needs to close. You may lose the data that you recently entered. We're sorry for this inconvenience.

You can look at the error report that QuickBooks created about this problem, then choose to send it to Intuit through a secure SSL Internet connection. the process is private and fast. The report will help us improve the QuickBooks product.

Okay, so the user clicks the View Report link. Um, huh?!?


Yes, we already know that the program has crashed. There is absolutely no information there to helps us figure out how to get the program started. Click the Send Report button, and we are greeted with:

Thank you for submitting your report!

Nothing there for us to work with. Okay, off to the support site yet again. The result of the search: QuickBooks encountered problem needs close?

Nothing that can be seen that is relevant to our specific situation. Okay, add the word Vista to the mix: Vista QuickBooks encountered problem needs close?

Nothing yet again. There is absolutely nothing that can be seen on Intuit's support site, when using their built-in search, to help us out here. By now, we are sure the user would be right upset. We sure were after fighting to get things running for a good chunk of time.

So, we go to the Internet search engines to try and find out more information. Even after sifting through the various search engines' results, we had a hard time finding something.

But, we finally found a QuickBooks Knowledgebase article via a search engine other than Intuit's internal one: When installing QuickBooks on Windows Vista OS I get error messages. What does this mean?

Here is the article wholesale:

Windows Vista is designed to be a more secure operating system, so it will present you with security warnings you may not be used to. When you first install the program, and when you run the program, Vista will tell you “An unidentified program wants access to your computer.” If you’re installing, the file it mentions will be “setup.exe”; if you’re running the program, it will be “qbw32.exe”. You should allow these programs to run. If the error message “QuickBooks has encountered a problem and needs to close. We’re sorry for the inconvenience” appears when trying to run QuickBooks it is because you set up QuickBooks to run in the Program Files folder instead of the Documents folder. You can work around these errors messages in either of the following two ways:

Run QuickBooks as an Administrator [bold emphasis ours].
Install QuickBooks in the Documents folder instead of the Program Files folder.
To run QuickBooks as an Administrator after installation:

Right-click the QuickBooks icon on your desktop.
Select Properties.
Select the Compatibility tab.
Click the box next to “Run this program as an administrator” to insert a check mark.
Click OK.
Double-click the QuickBooks icon on your desktop.
Enter the Administrator password if prompted.

To install QuickBooks in the Documents folder:

Insert the QuickBooks Installation CD in your computer’s CD-ROM drive. The installation Wizard prompts you to install QuickBooks. Click Yes.
Type in your installation key code, and click Next.
Follow the on-screen instructions until you get to the QuickBooks Install Options screen.
Click Change New Directory on the QuickBooks Install Options screen.
Navigate to your Documents folder, and click OK.
Follow the on-screen instruction to complete the installation.

So, we have two options: Run as a local admin, or install to the Documents folder?!?

Installing an application to the Documents folder is not an option. Just think about the possible pain points in that one ... they are endless.

Okay, so we follow the instructions to elevate privileges on the shortcut:


We then double click on the icon, and what do we get greeted with? A UAC prompt:

An unidentified program wants access to your computer

Don't run the program unless you know where it's from or you've used it before.

qbw32.exe
Unidentified Publisher

So, we click allow. QuickBooks finally comes up, and we are off to activate and update the product.

Keep in mind that all of the above was accomplished with the user in the Local Administrator Group.

So, after the install, what happens if we remove the user from the Local Admin Group and run the program?

We get a UAC authentication request for admin privileges:


Now, we still had the "Run this program as an Administrator" checked for the shortcut. Thus, the authentication request. But, we were not able to remove that check mark, so, no restricted QuickBooks users on a SBS domain.

Anyone else sensing our frustration with this situation?

What really brings this situation home is the fact that we can get Sage's Simply Accounting installed on Vista with NO pain points at all. None. The install and subsequent update is seamless on Windows Vista.

From the QuickBooks Support site: Benefits of Windows Vista and QuickBooks 2007 for clients 1004160

When you are working on a network, Windows Vista and QuickBooks 2007 make it easier to manage and share the business information your employees need to be productive. Both QuickBooks 2007 and Windows Vista provide dramatically easier navigation to help you get to the information you need when you need it. In short, you can work more efficiently and effectively with QuickBooks 2007 and Windows Vista together.

Afraid not Intuit. To date, we have yet to get a QBs install on Windows Vista up and running without some sort of grief or the UAC warning every time the user starts QBs.

From Intuit's support site: Issues That May Be Encountered Running QuickBooks 2007 on Windows Vista .

And Intuit, please don't counsel your customers to turn off Vista's User Access Control: Turning User Access Control on or off in Windows Vista 1007076. The security was built into Windows Vista for a reason!

A long list of frustrated QuickBooks on Vista users at the Intuit Community Forum.

*Sigh*

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS Premium - Intel ProSet not working?

So far, with every build of SBS Premium, we have lost the Teaming ability on the server.

We have run the P3Uninst.exe file on the server to no avail.

We made sure to shut down all IP related services on the server before attempting any form of uninstall/reinstall.

We then ran the ProSet install utility with the Remove option. This too did not bring back the teaming ability.

Out of the three adapters in this server, two showed the Teaming tab, but if we tried to create a team, we were greeted with:

No Intel server adapter or Intel integrated connection is available for teaming. Each team must include at least one Intel server adapter or Intel integrated connection.

There is something on SBS Premium that is interfering with the teaming. So far, we have not been able to figure out just what that is.

We do not W2K3 SP2 our SBS boxes unless absolutely necessary at this point. So, the problem is not stemming from SP2 issues.

It does not seem to matter whether we are building on a S3000AH Xeon 3000 series board or a S5000PSL Xeon 5000 series board.

Anyone else having similar experiences?

Note: We only build our SBS based servers on the above Intel Server Platforms. We are very conservative in our choice of platform for SBS, and the Intel one has worked very well for us.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Installing Windows SharePoint Services 3 on SBS

Some How To articles:

• The Official SBS Blog: WSS 3.0 Installation on SBS 2003.
• TechNet: Installing Windows SharePoint Services 3.0 on a Server Running Windows Small Business Server 2003.
• Official SBS Blog: Trouble Installing SharePoint 3.0 after WSUS 3.0.
• Which points to KB 934790: Description of the Windows SharePoint Services 3.0 hotfix package: April 12, 2007.

To quote from the Official SBS Blog on the proper order of things:

How to install SharePoint 3.0 and then WSUS 3.0.

1. Install SBS R2 including WSUS 2.0.
2. Install WSS 3.0 using the side by side installation steps in the white paper. Complete all steps.
3. Upgrade to WSUS 3.0.

If you install WSS 3.0 after WSUS 3.0, the SharePoint setup will complete, but the SharePoint Products and Technologies Configuration Wizard that runs after setup will fail to create a configuration database and WSS 3.0 will not be functional.

To obtain the above mentioned KB 934790 hotfix if WSS 3.0 was installed after WSUS 3.0, one is required to call Product Support Services.

This post is further to step 13 (reordered), install WSS 3.0 in side-by-side mode, in the previous blog post: SBS 2K3 R2 - Setup steps and resources.

UPDATE: Missed an important link!

Installing Windows SharePoint Services 3.0 on a Server Running Windows Small Business Server 2003 (Link to download SBSWSSv3.doc).

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Workbench Update Bandwidth Saver - ISA 2000

A while back, Susan Bradley mentioned a service called AutoPatcher: AUTOPATCHER TOLD TO CLOSE UP.

To be honest, we did not realize that there was even a need for this type of service! Who was to know that in certain parts of the world, bandwidth is paid for on a per bit basis!

With that realization, we can see why AutoPatcher would be totally relevant.

In our case, we have a workbench server setup that mitigates our bandwidth costs by caching updates locally. It is also isolated from our internal network.

The workbench servers used to run on two VIA EPIA miniITX boards crammed into an old Compaq case with a couple of tiny power supplies and a couple of laptop hard drives to provide local storage.

Both machines ran Windows Server 2000. One was DC and one was a domain member with ISA 2000 installed on top. Why ISA 2000? Because, in our experience ISA 2004 (we haven't even bothered with ISA 2006) could not come close to caching the content we wanted cached: Microsoft/Windows Updates via the Microsoft Update site.

So, what exactly does this mean for us and our bandwidth costs? Well, for example, we just finished rebuilding three Toshiba Tecra laptops. They were all XP Professional Service Pack 1 versions. We then needed to install Office 2003 Professional on top of that!

Whenever we deal with a machine that is using older media, we have an unpacked XP Service Pack 2 folder resident on the workbench DC. We then have a shortcut in the root of the share:

\\WorkbenchDC01\Company\Microsoft\XP\SP2Unpacked\i386\update\update.exe /passive /forcerestart /n /f

Once the shortcut is double clicked on the machine that is pre-SP2, the SP runs on its own with the reboot happening automatically at the end.

From there, we go to Microsoft's Update Site and upgrade the system to Microsoft Update right away. A reboot later and we are on to all of the critical and optional updates to download and install.

Any guesses on the volume of data needed to update each of these laptops' Windows install only as of this blog post?

At last count, it was in the neighbourhood of 210MB on the first run of critical and optional updates! Never mind Office 2003 Service Pack 2's additional 102MB. That would be a combined total of close to 1GB for the three machines first run! There were more to come after that.

When we work with situations like this often enough, we hit close to 95% of all updates cached locally in ISA 2000. The subsequent updates, as well as the Office Service Pack are also cached locally. When we have multiple units to run updates on without any updates being run lately, we always let one run through first to catch any new updates into the cache. From there, the rest of the units will pull from cache.

Do them at the same time, and they all will pull from the Web and thus cost us extra bandwidth and time.

In the above situation, all three laptops were running their post download update install routine within a short period of time.

Recently, the workbench VIA EPIA W2K DC had its hard drive blow up. So, we moved everything into a virtual setup on one box.

Here is what we did for hardware:

• Intel D945GTP Main Board
• Intel Pentium D 950 3.4 GHz
• 3GB Kingston DDR2
• 320GB Seagate RAID 1 (Software)
• 10/100 Built In NIC
• Gigabit D-Link DGE-530T
• Gigabit D-Link DGE-530T
• Antec Minuet 300

And the software to do it:

• Windows Server 2003 (Host)
• Windows Server 2000 Standard x 2 (Guests)
• ISA 2000 (member server)

Memory for the virtual machines is set to 512MB each. The DC has a dynamic VHD of 72GB and is currently using all of 3.4GB. The member server has 2 VHDs attached: One is a dynamic 72GB for the OS and ISA install and is using 3.0GB while the second is a dynamic 120GB that is using 1.5GB.

ISA 2000 has the following cache settings:


The "Less frequently..." lets the objects sit in the cache longer. Thus, we have those updates staying put instead of being pulled from the Microsoft download site.


There is 75GB available to ISA to cache updates. So far, it is holding about 1.5GB.

The 3 NICS are physically setup in such a way as to isolate the workbench setup as follows:

• Gb NIC 1: Internal IP for Virtual Server and VM management - No VMs attached.
• Gb NIC 2: Static IP 192.168.x.x is bogus but plugged into the Workbench Gigabit Switch (File & Printer Sharing off).
• Mb NIC 3: Static IP 192.168.x.x is bogus as it is plugged into the Internet (File & Printer Sharing off).

The workbench VM DC and ISA box both share NIC 2 for "internal" connectivity to the Gigabit switch that we connect any machines we need to run updates on or keep isolated due to some sort of infection. The ISA 2K VM also has a second virtual NIC that is tied to NIC 3 and pulling an IP from our ISP.

We have had great success with this arrangement as well as the previous VIA based one. Due to that success, other than our endeavouring to get ISA 2004 to do the same thing and failing a few years ago, we are leaving things status quo.

Some of you may have a similar arrangement, or know whether ISA 2004 or 2006 in their current iterations would actually accomplish what we are doing with ISA 2000. Is it possible? If so, please feel free to let us know.

And to our friends in Australia, we do hope that you will be able to utilize this kind of setup to facilitate a huge reduction in your bandwidth overhead. It works for us.

UPDATE: 2007-09-22: A sample update run on multiple HP systems:

• HP Pavilion a605x with XP Pro 32bit SP2 OLP fresh install
• Update to MS Update = Reboot
• Update run 1: 202MB includes Critical+Optional+3 hardware
• Total download time for 202MB: 8 minutes (keep in mind the age of these machines)
• Install of 202MB including IE7: 31 minutes
• Update run 2: 43.2MB includes Critical+Optional+1 hardware
• Total download time for 43.2MB: 3 minutes
• Install time: ~10 minutes (keep in mind the large .NET updates)
• Update run 3: 8.8MB (.NET 1.1 SP1)
• Total download time: less than a couple of seconds
• Install time: ~2 minutes

Total time spent on updating all of these machines: ~54 minutes plus a little time for setting them up and taking them off of the bench. Our client's site has the rest of the installs setup to deliver the balance of the needed software via Group Policy Software Install. So, we will let WSUS take care of the balance of updates post domain install.

For Windows Vista Business and Ultimate systems that we have received from our System Builder, they seem to be always up to date. Every time we run Windows Update, upgrade the Windows Update Service to Microsoft Update, there are usually no updates to apply.

We will make a point of visiting them to see just how they do all of that since our OPK/OEM Preinstall requirements and experiences are virtually nil.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 (Cougar) - Vista's UAC Control & Group Policy on W2K8

These training labs are available via the Partner Learning Centre.

That means that your company, whether incorporated or sole proprietorship, needs to be at least at the Microsoft Registered Partner level.

Not there? Then go here: Microsoft Partner Site and register your business. The benefits far out weigh the 15 minutes to register, and the subsequent hour or two to setup your company's profile.

Event Title : Managing User Account Control in Windows Vista and Windows Longhorn Server.

Event Title : Managing Windows Longhorn Server and Windows Vista using Group Policy.

Of course, Cougar is in Beta and under NDA at this point.

However, we all know that Cougar is being built upon Windows Server 2008 with Windows Vista as one of the target client OSs.

With that in mind, these two labs are an excellent way to see some facets of what we are going to have to learn in order to manage Cougar based networks in our near future.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Some Relevant Microsoft Virtual Labs

New to SBS or looking to brush up on those skills? Need a free way to get some experience?

Then, check out these virtual labs. They don't tie up one of your systems, and they are always on.

MS Events posted March 30, 2007:

Event ID: 1032336513: TechNet Virtual Lab: Deploying Microsoft Windows Small Business Server 2003 R2 Installing and Configuring the Server Computer (Part 1 of 2).

Event ID: 1032336514: TechNet Virtual Lab: Deploying Microsoft Windows Small Business Server 2003 R2 Client Features and Windows Server Update Services (WSUS) Integration (Part 2 of 2).

MS Events posted October 24, 2005:

Event ID: 1032286878: Microsoft Small Business Server 2003 Technical Overview Part 1 Virtual Lab.

Event ID: 1032286879: Microsoft Small Business Server 2003 Technical Overview Part 2 Virtual Lab.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Labour Day Holiday

We hope that you have had a restful Labour Day weekend!

We have been rather inundated with client demands at this point, so posting has been light.

This coming week being a short one, posting will probably continue to be light!

TTFN,

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.