SBS, SMB, SME, Hyper-V Failover Clusters, Technology, System Builder Tips, views from the I.T. Trenches, and more.
Wednesday, 31 October 2007
Blog Questions
So, we have added an email link to the blog sidebar to simplify the question asking process for now. Please leave the default subject line so the email would not be filtered out by our spam filters.
We have also added some clarification as far as the time involved in answering any questions that come our way.
We are more than happy to answer any questions that are posed. However, because we are a full-time I.T. shop with client support needs, we do need to draw the line at what questions will be answered and whether we would charge a fee for them.
Why? Because, if we spend more time answering questions via the blog for free ... then we would be spending less time on the needs of our clients, who pay us to do so.
In the end our clients, you our readers, and us and our families would lose.
Thanks for understanding! :D
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.
Microsoft TechNet Plus Subscription $100 Coupon for US
It enables us to install as many different lab setups as needed via the trialware included in the subscription. The trialware is not time bombed so we don't have to worry about a 3 or 6 month limit on the lab setups. We are working with full versions of the products.
It also gives you access to Microsoft software products via download earlier than anywhere else. We had Windows Vista RTM available to us for download well before the public release.
Service packs, such as the Small Business Server 2003 SP1 three disk set are available too.
The following table is a screen shot of the TechNet subscription rates:
[Image: TechNet Plus Subscription Rates]
There is a coupon for those in the U.S. that enables you to get $100 off a new TechNet Plus Direct Subscription. The Direct Subscription is a download-only version, meaning one must download any software .ISOs, updates, security updates, and documentation that one would need for their lab and resources.
We prefer to have the DVD subscription so that anything we may not need right away is available to us without using bandwidth or our on-site storage.
To learn more about the TechNet Plus subscription: TechNet Plus Overview.
Thanks to Harold Wong for pointing out the discount code: TMSAM04.
Oh, and it would be nice of Microsoft to include other parts of the world in that discount ... no? :D
Windows Vista - Now ... Just Exactly What is in What Edition Again?!?
We are eligible for the Windows Vista Ultimate upgrade or Windows Vista Enterprise upgrade editions with our Software Assurance Benefits.
Okay, now ... can someone tell us simply and clearly: What is the difference between Windows Vista Ultimate and Enterprise features in one page or less ... preferably via a grid?
Microsoft's Windows Vista Choose an Edition site does not clarify that.
So, we click the link at the bottom of the Vista Comparison Grid:
"Large, global organizations with complex IT infrastructures should consider Windows Vista Enterprise edition."
Therein we find a link to Vista Enterprise's features. Still, we don't find a grid to compare to other Vista editions.
With a little bit of searching, we came up with this excellent Windows Vista Edition comparison article at Paul Thurrott's SuperSite for Windows: Windows Vista Review Part 2: Understanding the Vista Product Editions. We are provided with a grid, and the answer to the question we were asking.
The answer is: The primary difference between the two editions is the inclusion of Media Center features along with the Media Center Extensions and DVD making software in Vista Ultimate Edition.
For us, the differences are important as we need to explain to our client's senior partners the edition options that can be installed on their systems. We may also be required to run some training for our client's partners on the Ultimate feature set either here or on-site.
Tuesday, 30 October 2007
System Builder Tip: DQ35JOE BIOS Update and 4GB+ of RAM
Our board revision levels that we are working with:
- D8XXXX-800
- D8XXXX-702 (Sent direct from Intel for a TST special)
Once the BIOS has been flashed:
- Change BIOS settings as needed.
- Turn on the RAID controller if needed.
- Setup AMT.
- Save & Reboot.
- CTRL+I to set up the RAID array - start the keystrokes just before the RAID configuration page appears, as it goes by quickly!
UPDATE: Please be patient with this BIOS update. It seems to take a long time!
System Builder Tip: DQ35JOE SATA Port Order and Optical drive placement
This was true with the IDE optical drives as well. One would not plug the optical drive into the same cable as the hard drive as the data bus would configure itself according to the slowest device on the cable and system data throughput/performance would take a huge hit.
While this may not be the case with SATA with regards to connected device speed, one still must consider the order of devices connected to the SATA controller. This is especially important if we are integrating a RAID setup via the on board RAID controller.
In the case of the DQ35JOE, one must also take careful note of the SATA connector order on the board itself. For whatever reason, the ports are not in an intuitive order.
Note the following:
[Image: DQ35JOE SATA Port Order]
They are as follows:
- eSATA [port 3]
- SATA2
- SATA5 --- SATA1
- SATA4 --- SATA0
So, which port would be the one to connect a SATA optical drive into?
While there may be no actual convention in place, we would say the last SATA port in the connector set: SATA5.
We would populate SATA0 and SATA1 for a RAID1/0 setup or SATA0/1 and SATA 2/4 for a RAID 1/0 or RAID 5 setup.
Time and testing will reveal how the system will behave with the optical drive plugged into other ports. However, while at the Intel Technical Solutions Training (TST) event last Friday, our Intel instructor, Eric, did indicate to us that people in other TST build sessions had troubles before they realized that they had the optical drive plugged into the "wrong" port or in the wrong order relative to the hard drive.
Some links:
- Intel DQ35JOE Supported Processors via the Compatibility Tool
- Intel DQ35JOE System Memory - Configuration & Supported
- Intel DQ35JOE Technical Product Specification [pdf]
- Intel DQ35JOE Product Brief [pdf]
Why? Because it will save a bunch of time troubleshooting those "beep codes" or BIOS messages or server board "Error Light Conditions" or spontaneous system reboots or seemingly no action at all ... etc ... etc ... etc.
Remember, we cannot satisfy Intel's warranty validity requirements if the integration conditions laid out in the support materials are not followed.
USB KVM - Which one do you use?
Up to this point, the D-Link DKVM-2KU has done the trick.
We have 3 wall mounted LCD monitors that enable us to work on up to 6 systems at the same time on our bench in the shop area.
So, what do you use and why?
Thanks!
Monday, 29 October 2007
SBS - Cougar 64bit and "Upgrades"
From his post:
- Based on the Windows Server 2008 platform and technology wave
- Cougar will include these technologies:
  - Windows Server 2008
  - Exchange Server 2007
  - Windows SharePoint Services 3.0
  - SQL Server 2005
  - System Center Essentials
- Dramatically improved management, protection, and business productivity
- Emphasis on simplicity and integration
- Providing value for new and existing partners
- Embracing Live Services
- 64-bit only [emphasis ours]
We emphasize the 64-bit only line at the end for a reason: We are gearing up for a number of upcoming Swing Migrations for clients that are at the end of the line for their server hardware and this is the only method, in our opinion, that will work for moving clients from SBS 2003 to SBS Cougar.
It may or may not be obvious, but one cannot do an in-place upgrade of a 32-bit operating system to a 64-bit operating system. It just ain't going to happen.
So far as we can tell, Jeff Middleton's Swing Migration method will possibly be the only way we will be able to migrate current SBS client domains to the new SBS Cougar setup.
We are on the Cougar Beta Program, so we definitely have testing the Swing Method on our To Do list when the Cougar beta is more mature.
SBS - Open Value Licensing SKUs for You
- T72-00882 - Microsoft Windows SBS 2003 R2 Standard 5CAL
- T75-00927 - Microsoft Windows SBS 2003 R2 Premium 5CAL
- T74-01746 - Microsoft Windows SBS 5 User CAL Pack
- T74-01745 - Microsoft Windows SBS 20 User CAL Pack
- T74-01731 - Microsoft Windows SBS 5 Device CAL Pack
- T74-01730 - Microsoft Windows SBS 20 Device CAL Pack
Open Value Licensing is an excellent way to mitigate some of the costs associated with software purchases, includes Software Assurance over the three year period, and provides a bit of fixed income for our company for the duration of the Agreement.
At this point, Software Assurance is important as SBS 2008 "Cougar" is just around the corner.
License Advisor is Broken ... Now what?
A call into Microsoft brought about the following URL: Microsoft Canada Pricing.
This site gives us all of the relevant Microsoft part numbers for all Microsoft Canada licensing programs and products.
There does not seem to be a U.S. or U.K. version off the top? Anyone know where the equivalent site is for their respective country?
Saturday, 27 October 2007
Neat Utility: SyncToy
Then SyncToy is for you.
From a good description of the utility on Mike Swanson's Blog: SyncToy for Windows XP:
- Provides easy and flexible copying, moving, and synchronization of files in different directories
- Manages multiple sets of directories at the same time
- Can combine files from two folders in one case, and mimic renames and deletes in another
- Keeps track of renames to files and will make sure those changes get carried over to the synchronized folder
The utility is free.
It definitely belongs on the Technician's Thumb Drive! It is very helpful to create a live data backup of a drive that refuses to be Ghosted due to bad sectors on the drive.
We were originally referred to this utility, but where that happened is lost in the fog of memory. :(
System Builder Tip: Windows XP converting FAT32 to NTFS
This is the second Hitachi drive failure in this laptop since the unit was purchased.
We are experiencing a very high rate of failure on their laptop hard drives relative to the other manufacturers' drives we see installed in the laptops we sell. Toshiba hard drives run a somewhat close second.
After running the system restore DVD, we ended up with a single FAT32 partition on the replacement drive with no recovery partition.
So, to save a little time we ran the Windows XP built in FAT32 to NTFS converter.
From the command line, one runs: convert c: /fs:ntfs [Enter]
The OS will not be able to run the conversion since we are converting the system partition. It will balk at dismounting the system partition.
Answering yes to the request to run the conversion on the next reboot will solve it.
In this case, the system started the utility on the reboot, then rebooted the system once to continue the conversion process.
Once the conversion is complete, it is important to scan the drive with the Defragment Utility. There will be a bit of a messy organization on the drive after the conversion, so we will need to defragment the drive.
Once that was done, we went on to run all of the available updates and set up the laptop for the user.
Microsoft KB 307881: How to convert a FAT16 volume or a FAT32 volume to an NTFS file system in Windows XP.
Windows Vista - Error - Windows could not connect to the System Event Notification Service service
It is being used for some particular network and application testing for our environment.
Every once in a while, it is impossible for any restricted level user to log onto the machine.
We get the following error:
Windows could not connect to the System Event Notification Service service.
Please consult your system administrator.
Well, we are the system administrator! ;)
After a great deal of searching around, there doesn't seem to be any "fix" for the situation yet.
The workaround is to reboot the system and hope for the best. In our case, it works, but in investigating this problem, there are people out there supporting classroom systems that are having this hiccup during classes on several hundred machines.
Here is a direct quote from user iquazee about half way down this MSDN Forum post Limited User account cannot log on due to error: "could not connect to the system event notification service" (Note that the registry keys are continuous ... they are broken into two lines for formatting reasons):
I did some investigation with a debugger when the problem occurred again on my computer.
And here is what I found so far:
1. Although Vista no longer supports Winlogon Notification Packages, there is still a similar mechanism in place used internally by Windows components (see HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
... \Control\Winlogon\Notifications\Components).
It is quite different though - instead of loading each component as an in-process DLL, the new mechanism uses RPC to communicate with the registered components, and each of them runs as a separate service.
What's interesting, the System Event Notification Service, which is the official replacement for now-unsupported Winlogon notification packages depends on this mechanism (see HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
... \Control\Winlogon\Notifications\Components\Sens).
2. When a logon event occurs (this can be a logon, logoff, lock, unlock, etc.) Winlogon calls each of these 'components' (by binding to a predefined RPC endpoint, the endpoint name seems to be derived from the service SID of each service that is registered for the logon notifications).
There seems to be a timeout if the registered service does not respond quick enough - about a couple of minutes.
3. If some service fails to respond to the logon event, it may cause the logon to fail.
However, it seems that if the user is a local administrator, the logon does not fail (although it may be slow due to the timeouts).
4. It seems that the service which causes the most problems is the TrustedInstaller service.
This service is used to install Windows components, including Windows updates (.MSU files).
It is not used for the installation of 'normal' Windows Installer (.MSI) packages.
What I found is that sometimes, after installation of an update the TrustedInstaller service stops responding to the Winlogon notifications, causing the problem.
The Windows Defender service is not the cause of the problem.
However, when Windows Defender is enabled, most updates installed by Windows Update are the Windows Defender definition updates.
5. The workaround is to kill the TrustedInstaller.exe service using Task Manager (it cannot be stopped otherwise).
Of course, you should not do that while an update is being installed.
The TrustedInstaller service will be automatically restarted when needed (for example, when you use Windows Update).
This is a pretty good description of what is happening in the event logs.
Here is the first error we see:
Event ID 1530: User Profile Service - Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
...
Process ID 868
It is followed by:
Event ID 6003: Winlogon - The winlogon notification subscriber [TrustedInstaller] was unavailable to handle a critical notification event.
Both errors occurred around the time the restricted user was trying to log onto the Vista virtual machine.
In this case, as indicated in the earlier posts in the MSDN Forums thread (the MSDN link above, starting at the first page), the process ID that was holding onto the registry was indeed Windows Defender.
So, we may be seeing another bug within the Update Services setup within Windows Vista. Not that we are software debuggers by any means! :D
Links:
- Microsoft Live Search: Vista Cannot Connect to the System Event Notification Service.
- Microsoft MSDN Forums: Limited User account cannot log on due to error: "could not connect to the system event notification service"
- Tablet Questions.com: Event 1530, User Profile Service (Specific to the Event ID 1530)
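An added example (not from the original post or the forum thread): before applying the workaround quoted above, it helps to confirm from the event log which Winlogon notification subscriber stalled and whether the Event ID 1530 profile error accompanied it. The pipe-delimited export format, the timestamps and the function names are assumptions; the sample lines are constructed from the two event texts quoted in the post.

```python
"""Triage Winlogon 6003 / User Profile Service 1530 pairs in an exported log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp|source|event id|message" (assumed export layout).
SAMPLE_EXPORT = """\
2007-10-27 09:12:40|User Profile Service|1530|Windows detected your registry file is still in use by other applications or services. The file will be unloaded now.
2007-10-27 09:14:02|Winlogon|6003|The winlogon notification subscriber <TrustedInstaller> was unavailable to handle a critical notification event.
2007-10-27 09:16:05|Winlogon|6003|The winlogon notification subscriber [TrustedInstaller] was unavailable to handle a critical notification event.
2007-10-27 11:30:00|Service Control Manager|7036|The Windows Update service entered the running state.
this line is truncated and must be skipped
2007-10-27 15:02:11|Winlogon|6003|The winlogon notification subscriber <Sens> was unavailable to handle a critical notification event.
"""

# The subscriber name appears in <...> or [...] depending on how it was copied.
SUBSCRIBER_RE = re.compile(
    r"notification subscriber\s*[<\[]([^>\]]+)[>\]]\s*was unavailable", re.I)


def parse_events(text):
    """Parse the export into dicts, silently skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4:
            continue
        stamp, source, event_id, message = (p.strip() for p in parts)
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            events.append({"time": when, "source": source,
                           "id": int(event_id), "message": message})
        except ValueError:
            continue
    return sorted(events, key=lambda e: e["time"])


def stalled_subscribers(events, window=timedelta(minutes=5)):
    """Count 6003 events per subscriber and how many had a 1530 within `window`."""
    profile_times = [e["time"] for e in events if e["id"] == 1530]
    report = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "with_1530": 0})
    for e in events:
        if e["id"] != 6003 or "winlogon" not in e["source"].lower():
            continue
        match = SUBSCRIBER_RE.search(e["message"])
        if not match:
            continue
        entry = report[match.group(1)]
        entry["count"] += 1
        entry["first"] = entry["first"] or e["time"]
        entry["last"] = e["time"]
        if any(abs(e["time"] - t) <= window for t in profile_times):
            entry["with_1530"] += 1
    return dict(report)


if __name__ == "__main__":
    for name, row in stalled_subscribers(parse_events(SAMPLE_EXPORT)).items():
        print(f'{name}: {row["count"]} stalls, {row["with_1530"]} near a 1530, '
              f'last at {row["last"]}')
```

A subscriber other than TrustedInstaller showing up in the report means the workaround from the forum post does not apply as written.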
Thursday, 25 October 2007
System Builder Tip: DQ35JOE, DQ965GF and Active Management Technology
Since the release of the Q series Executive desktop boards, Intel has really poured it on about the Active Management Technology (AMT) that is built into the Executive series boards.
When we started building on the DQ965GF series board, AMT was an attractive element to the new Executive series boards.
But, at that time there was one problem to the whole thing: When we were investigating the product and its features, it was indicated to us that we were going to need to outlay a large sum of money on third party applications to get the whole thing working. And, due to the newness of AMT, they were not kidding. So, we essentially left it alone.
Today, things have changed ... or at least they have for us. We were given a pretty good explanation of the features and benefits of AMT:
AMT Features & Benefits (Intel's site)
From Out of Band management, which needs no power or OS to the system to connect and work with the system at the BIOS level, to rIDE (Redirect IDE), which can redirect a system to boot from an ISO hidden on the system's hard drive to restore it back to the image state, there are some pretty neat features.
The ability to manage a system right down to the minutiae is possible with AMT.
The first thing one must know is that AMT on the Q series desktop boards is disabled out of the box. One must go into the BIOS and set a password to access the AMT features.
Once that has been done, one can access some simple management features by directing a Web browser to http://192.168.22.227:16992 (IP or system name works with port 16992).
We don't have a screen shot yet, as we don't have any of our DQ965GF/DQ35JOE AMT features activated! We will make sure to activate them on JOE (previous blog post) when we get back to the shop though.
One other aspect of AMT that came to light today: There is a free utility from Intel that can be used to manage any Q based system with AMT activated on the LAN.
The utility is called the System Defense Utility. It does not offer remote access from outside the LAN, but it is definitely a step in the right direction for managing a number of AMT activated systems.
Here is a screen shot:
[Image: Intel System Defense Utility]
So, we have the ability to get to the system via a Web browser, or the System Defense Utility independent of any OS being active or not. While these means of managing systems are excellent in and of themselves, the thing that should get us to stand up and take note is: AMT management features are available to Microsoft System Center Essentials (SCE).
Why is this important to us? Because SCE is included with SBS 2008 Cougar (Microsoft's SBS FAQ)! And SCE will also now be included and licensed with the new "R" code Intel Server Boards (previous ICC blog post).
Think about the possibilities that this integration gives us. With SCE, we should be able to funnel all of our client's system telemetry into our shop for at-a-glance management. We can charge monthly fees for this service. Or, we can augment our Platinum Level Managed Services Agreement (Karl Palachuk's excellent series on converting an I.T. business model to a Managed Services model in a Month) with these management features if we haven't already done so.
Being that we are a small shop, we prioritize all of the info that passes by us. In this case, we will be giving our investigations into AMT a top priority. Why? Because we can augment our already comprehensive preventative maintenance services we provide our clients with the ability to deepen our proactive management of their systems.
By the way, some laptop models are now being shipped with AMT built in. They will have "Centrino Pro" indicated on them. Keep that in mind when quoting clients that are primarily running their businesses on laptops. It would not be too difficult to justify the additional costs on the laptop with a demonstration of what AMT can do for them and for our ability to be there for them.
Links:
- Intel's Active Management Technology product site.
- AMT at Wikipedia provides an excellent explanation as well.
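An added example (not from the original post and not Intel's code): since AMT answers on port 16992 independently of the OS once it has been enabled in the BIOS, a shop managing client systems will want a record of which machines have that web interface reachable. This sketch probes an asset list and classifies each answer; the function names, the host list and the match on an `Active Management Technology` Server banner are assumptions.

```python
"""Inventory check: which of our machines answer on the AMT web port?"""
import http.client

AMT_HTTP_PORT = 16992                          # port given in the post
BANNER_HINT = "active management technology"   # assumed Server-header wording


def classify(listening, server_header):
    """Turn a probe result into a short status for the inventory sheet."""
    if not listening:
        return "closed"            # AMT disabled, filtered, or host unreachable
    if server_header and BANNER_HINT in server_header.lower():
        return "amt-web-ui"        # AMT is enabled and reachable on the LAN
    return "other-service"         # something else is using the port


def probe_amt(host, port=AMT_HTTP_PORT, timeout=3.0):
    """Connect to host:port, send one GET / and record the Server header."""
    listening, server = False, None
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()
        listening = True
        conn.request("GET", "/")
        resp = conn.getresponse()
        server = resp.getheader("Server")
        resp.read()
    except (OSError, http.client.HTTPException):
        pass                       # refused, timed out, or not speaking HTTP
    finally:
        conn.close()
    return {"host": host, "port": port, "listening": listening,
            "server": server, "status": classify(listening, server)}


def inventory(hosts, port=AMT_HTTP_PORT, timeout=3.0):
    """Probe every host on our own asset list; return those needing review."""
    results = [probe_amt(h, port, timeout) for h in hosts]
    return [r for r in results if r["status"] != "closed"]


if __name__ == "__main__":
    # Address taken from the URL in the post; replace with your own asset list.
    for row in inventory(["192.168.22.227"], timeout=1.0):
        print(f'{row["host"]}:{row["port"]} {row["status"]} ({row["server"]})')
```

Any machine reported as `amt-web-ui` that is not on the list of systems deliberately set up for AMT should have its BIOS setting and password reviewed.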
System Builder Tip: New Xeon 5000 Series Server Board SKUs for Penryn 45 nm Compatibility
There are some new SKUs to keep an eye out for when building 5100 or 5300 Xeon servers (the links are to the product pages):
- S5000PSLSASR (SAS Controller)
- S5000PSLSATAR (SATA Controller)
- S5000PSLROMBR (RAID on Motherboard - needs key)
- S5000PALR (Rackmount chassis board)
- S5000XVNSASR (Workstation board)
- S5000XVNSATAR
- S5000VSASCSIR (Value Series Server)
- S5000VSASATAR
- S5000VSASASR
- S5000VSA4DIMMR
The key thing to note is the "R" at the end of the product part number. The "R" indicates that the product will be Xeon Penryn 45nm processor capable.
This revision shift is important to note when considering a server quote for a client. If the client will be using the server box for two or three years ... or even more, then there will not be too many worries about the processor limitation built into the current S5000PSL series boards. If, however, the client may need the option of more power and Penryn at a later date, then the "R" code becomes a factor.
Timing is also crucial. While we are seeing the new "R" code products SKUd up at the supplier level, this does not mean that the new products will be in the pipe any time soon. Keep this in mind when putting together the preliminaries on a presentation with a client or prospective client or an actual quote for product delivery.
While it is nice to be "future proofed", it would not look so good if the "future" did not arrive when we expected it to! ;)
The "R" code products are due to be released on November 11 of this year.
As with other Intel motherboard and server board product releases, keep an eye on board revision level and processor compatibility charts to verify that the processor one thinks should go with a particular board does. Every Intel motherboard product page has a link for processor compatibility.
And one more thing, check the Tested Memory List (S5000PSL list for example) and only supply and install memory on that list. Why? Because, if there is a system stability problem and one is on the phone with Intel troubleshooting it, one of the first things they will ask for is the memory part number. And, if the memory is not on it, they will recommend replacing whatever is in the server with the proper memory. We know, we found out the hard way.
Server boards are particularly finicky when it comes to memory and peripheral components plugged into them. That is why we stick with Intel server products. We have a full range of compatibility lists that help us to determine exactly what server related products and chassis will work with the server setup we are planning for a client. We are not left out in the cold hunting and pecking for the right combination. That is time consuming and can get very expensive very fast.
Intel Blog: Technology@Intel - Penryn - More Penryn info.
Wednesday, 24 October 2007
Need to Remove Symantec/Norton Software? The Norton Removal Tool
The Norton Removal Tool.
Because Symantec's Web pages are active, the links change all of the time. So, here is a Live Search for said tool: Norton Removal Tool.
We make very good use of the tool.
Also, the tool has a built in expiry. Thus, one needs to check the Symantec site on a regular basis for a renewed version of the tool.
It is a free download.
Keep an updated copy on your Technician's Thumb Drive and keep that close to your heart! ;)
Business Principles: AMD Drops the Ball...
One thing we were looking forward to was the bonus bundle:
[Image: Keystone - Ultimate Experience Bundle Offer]
At that time, the pictured Windows Vista Ultimate in FPP (Fully Packaged Product - Retail) seemingly made the bonus bundle a very attractive option for us.
The tour itself was okay, with a lot of the information from Microsoft being a rehash of information on the 2007 version products being released or soon to be released.
The information from AMD was along the lines of what we were expecting as well. With the new Intel Core 2 line of processors wresting the performance crown away from AMD for the first time in 5 years, the information was a little on the iffy side as far as processor comparison charts and the like.
So, a question to you: Given your experience attending Microsoft and possibly Intel conferences and seminars of various sorts, what product license version of Vista Ultimate would you be expecting when the bonus bundled arrived?
If you have attended any type of vendor/manufacturer/supplier conference, you would probably answer FPP - Retail. Why? Because, in all of our experience, that is the only product licensing type we have ever seen being given away.
So, imagine our surprise when the bundle arrived and we had received an OEM version of Windows Vista Ultimate NFR.
Why does OEM NFR not work for an I.T. shop? Because, a desktop system does not last long in our organization. Once it goes out the door, it is gone. OEM licenses are not transferable to the new system owners. Our clients that purchase those systems are also purchasing a new OEM license with it. And, they activate the OS based on the new OEM license they purchased.
That is why we purchase FPP - Retail product and Open Value SA to augment our MAPS licensing for our internal desktop OSs. OEM does not make sense for us.
Our response was to send a note to the marketing company that sponsored the bundle: Keystone.
Part of the response from Keystone:
This offer is only available to either (A) a system builder or reseller of Microsoft software, or (B) an employee of a Microsoft retail partner. Complete eligibility details available at time of purchase.
As you will note, it does indicate that the packaging may vary from the picture. I thank you, in advance, for your understanding of this matter.
Unfortunately, there is no polite way to respond to the second line in the response.
So, we replied to Keystone and CCd AMD:
[We] have a beef with regards to the AMD/Microsoft TechTour bonus bundle. The images show Vista FPP and the description offers NFR for Vista. The general assumption, given previous Microsoft conference experience - they always give out FPP - is that we would receive a Fully Packaged retail NFR version. Instead, we received an OEM/OEI Vista Ultimate copy.
The caveat listed below the picture of the products, "Packaging may vary from picture", in my opinion does not cover the difference between OEM and FPP product. It covers whatever the product COMES in.
Given the fact that this is our first venture back into AMD product territory in over five years - we were burned very badly by a string of bad AMD based product - it is not boding well for AMD.
An OEM - NFR tag on the coupon for the Vista Ultimate product would have been the best way to describe it, and also would have resulted in a No-Sale as the deal would no longer appear to be one.
The OEM - NFR tag would have made things a lot more straightforward, as the message would have been, "This is the exact product you are getting" as opposed to, "This is the product you may be getting - or not getting".
I personally do NOT like this kind of advertising. As a business owner, our company being Microsoft Small Business Specialists, we take great care to make sure that our clients know exactly what they are getting. There are no caveats in our descriptions.
Please advise me as to how you want to proceed.
Thanks,
Philip Elder MCP
President & CEO
MPECS Inc.
AMD responded that the presenter would have mentioned that the Vista Ultimate would be an OEM copy. Both my colleague and I did not hear that as we were avidly listening during the portion of the presentation that focused on the bundle.
What could we do? We followed up with the AMD representative and let them know that all was forgiven. In response, they in turn promised to rectify the situation after coming back from a vacation break. They only asked that we send them a reminder to do so after they were back.
We sent three reminders over three weeks and nothing happened.
It is unfortunate that AMD did not follow through on their commitment to make things right.
We all know the cliché: "The customer is always right".
And, as small I.T. shop owners, this is even more true. There are times where we need to bite the bullet and make things right with our client ... even if it costs us.
There is nothing more damaging to a business' reputation than a cranky former client/customer ... as this blog post can attest to. ;)
Tuesday, 23 October 2007
Intel Channel Conference and Technical Solutions Training (Alberta)
For Alberta, the Intel Channel Conference is being held this coming Thursday in Red Deer at the Black Knight Inn, 2929 50 Avenue. It was originally scheduled for Calgary, Alberta.
Also, the Technical Solutions Training (TST) is on Friday in Calgary at the Radisson Airport, 2120 16th Avenue NE. Registration starts at 07:30AM.
The TST costs a bit, but we get to build and keep the following:
- Intel® Core™2 Duo processor E6850
- Intel® Executive Series desktop board DQ35JO
- InWin* BL631 + PS chassis
- Hitachi* 0a33423 3.5" SATA 250Gb hard drive
- LG* DVD-RW GSA-H62NK 18X SATA 2MB 140ms optical drive
- Kingston* memory DDR2 667MHz KVR667D2N5K2/2G
- KDS* LCD monitor K-92MDWB BLACK 19" widescreen 5MS HDCP/DVI speakers 800:1
- Microsoft* wireless keyboard and mouse DSK3000
- Microsoft* Windows* Vista* Ultimate OS
For those in other parts of the Lower 48, check out where the closest Channel Conference and/or TST is. They will be well worth your time.
And, you get to take a break and kibitz with those you find who are also really into the tech! :D
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Business Principles: Working with Serial Numbers on the Phone
What to do with: LXTHT0733O37AB
This is especially true when someone can interpret "oh" as a zero or the letter "O", an F as an S, etc.
So, we have taken to using the International Radio Operator's Alphabet:
International Radio Operator's Alphabet
So, the above serial number would be:
- Lima
- X-Ray
- Tango
- Hotel
- Tango
- Zero, seven, three, three
- Oscar
- Three, seven
- Alpha
- Bravo
The big bonus comes with those we communicate with on a regular basis by phone. From suppliers to warranty depots, we have noticed that we are no longer spending extra time trying to clarify what we just said.
Better communication makes for smoother business practises and less frustration.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Monday, 22 October 2007
Microsoft Volume Licensing - Site is down
Murphy always seems to pay a visit when we least need him. ;)
Microsoft License Statement: service temporarily unavailable
We can't call into the Licensing Support Centre since their phone system seems to be down too.
So, we wait until tomorrow.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Mac on SBS - OS X Leopard ... Soon
However, there are only a few more days to OS X Leopard according to Apple's OS X Leopard site.
Our Canadian suppliers have Leopard SKUd up and show stock coming in with no ETA.
- OS X 10.5 Leopard Retail: MB021Z/A
- OS X 10.5 Leopard Retail - French: MB021F/A
- OS X 10.5 Leopard Retail Family Pack: MB022Z/A
- OS X 10.5 Leopard Retail Family Pack - French: MB022F/A
We just put an order in so we can upgrade our iMac when the time comes. So, we might as well wait before adding it to the SBS network to see if there are any significant Windows Networking differences between Tiger and Leopard. Time will tell...
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Saturday, 20 October 2007
System Building as an Art Form
Our system builders are actually very meticulous about their system building. They provide a system that is put together keeping in mind the air flow characteristics of the case.
It was my first employer out here in Alberta that really taught me about what can only be termed "finesse" when putting a system together. That was Larry MacDonald, and he now owns a company called Executech Computer Services based in Edmonton. He is perhaps the most influential person in shaping my own business sense next to my Dad.
Over the years, after building who knows how many systems and servers, there has been a realization to some degree that what we do can be considered an art form.
How is that?
When we build systems and servers, there is a lot of thought that goes into the process. We take the time to make sure everything will fit together properly, not interfere with the airflow characteristics of the chassis, and the aesthetics within the case.
As we progress through the system build, we will end up with a system that will not look like it has been slapped together without any consideration at all.
Minuet and DQ35JOE Preliminary Stages
We make use of a lot of plastic ties to make sure the wiring is neatly tied out of the way of any needed air flow.
Completed Minuet Q6600 with RAID 1
Art can be seen in so many things that we do. Beauty is in the eye of the beholder as the old cliché goes, and indeed, a well built system is a beautiful sight.
If it wasn't so, then perhaps the System Modding community would not exist. There are a lot of people who put some serious time into their system setups leaving no stone unturned when it comes to form and function. And it shows. :)
And, a bit of a plug for us: The above system, and around five others like it are going to be in a classroom we are setting up in the shop.
We have already been running one-on-one training sessions for clients on a couple of the systems that are currently built, but one of our goals is to provide hands-on training to the I.T. community specifically on Small Business Server environments.
How that pans out is still up in the air, but one thing is for certain: We have a passion to share the knowledge we have garnered over the years here. Besides this blog which is one avenue to share that knowledge, the classroom is, in our opinion, the next step.
Thanks to all of you who have supported us, and me especially, with words of encouragement, constructive criticism, and constructive correction.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Friday, 19 October 2007
Business Principles: There is no such thing as "Free"
When we were looking into signing up for a popular image hosting service, the service provider made it clear that they claim no ownership over any Content submitted.
However, to paraphrase:
By submitting, posting or displaying Content on or through Our Image Services, you grant Hosting Company an unconditional right to publish such Content through Our Image Services ... as well as use it in all of our other Hosting Company services. In addition, by submitting, posting or displaying Content which is intended to be available to the general public, you grant Hosting Company the right to do whatever we want with said Content for the purpose of promoting Hosting Company services. Hosting Company will stop doing this at our discretion if you remove the Content and stop using the Image Services.
The service really isn't free, is it?
The service provider finds something they like, and away they go.
The point of this post is straightforward: Whenever we acquire the services of a "free" Internet site there is a transaction involved. The service provider needs to generate revenue to provide those services.
It is up to us to place a value on the "cost" associated with the service.
If the cost is acceptable, then tick the "Accept the Terms & Conditions" and go. But, that cost should always be weighed before accepting them.
Here is an Internet search for some of the key words in the above paraphrased statement: Terms & Conditions Keyword Search (Live Search).
It is not too surprising to see a number of outfits out there peddling the same thing.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
SBS - Office 2003 Install Location After Domain Add
In this case, we are setting up a couple of Windows XP Pro Virtual Machines with Office 2003 Pro installed for some testing sessions that we will be doing.
The VMs are already resident on a Virtual SBS domain.
These particular XP VMs do not have Office deployed by GP or installed before being added to the domain. If they did, Office would be in its standard install location under C:\Program Files\Microsoft Office.
So, when we ran the install routine for Office Pro, this is what we were greeted with for the directory install location:
C:\Program Files\Outlook
Having Outlook already installed by the SBS domain setup routine means the full version of Office installer picks the current location of Office Outlook: C:\Program Files\Microsoft Outlook.
In this case, we are leaving it at its default choice. Once the installation of Office was done:
So, on a day where we may have had five or six workstation installs where Office was not delivered via GP, we may miss changing the install location to \Microsoft Office on some of the machines that are already on the SBS domain.
In our experience, there are caveats with changing the default install location for applications, such as issues with registry settings, subsequent uninstall needs, and other hiccups with product install or reinstall situations. This is not so common anymore, but still happens occasionally.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Thursday, 18 October 2007
System Builder Tip: Meet JOE ... Intel's new Executive Series Desktop Board
So, we will be building our corporate systems on the new Intel Desktop Board DQ35JOE from now on.
In the meantime, we are going to build a series of Core 2 Quad Q6600s on the JOE we will obtain through distribution. The systems, around 5 or 6 to start, will be used in a training lab we are putting together in the shop here.
Here is a side-by-side with our current corporate system mainstay, the DQ965GFEKR series:
Left: DQ965GF - Right: DQ35JOE
It is pretty obvious that this is not just a step up in a board revision with a relabel. We are seeing 32bit 33MHz PCI go the way of the Dodo. Kinda reminds me of the PCI replacing ISA days. For that matter, PCI 32/33 has been around for a long time in computer years.
And, check out the very left hand bottom of JOE: There are no PS/2 connectors! :D YAY! Anyone else remember the promise made somewhere around 10 years ago? Wow! It sure took one heck of a long time for that one to pass. Same with the now absent parallel and floppy ports!
The new JOE has dual video out. One DVI and one VGA that will now support dual monitors native to the on board video. That is a pretty kewl feature. In some cases where high powered video is not required, this will save a few bucks for our clients that do things like desktop publishing and the like.
JOE comes with an eSATA connector - in red - that has an external mounting bracket with cable that can be mounted at the rear of the case. While eSATA is definitely a neat feature, it presents a bit of a predicament. That predicament is data protection.
This is one place where a smaller client with no Software Assurance/Enterprise Agreements really should consider BitLocker.
Despite all of the crying about Windows Vista Ultimate and the so called "lack of features", BitLocker is, to us, the "killer app" in Windows Vista Ultimate. In the Corporate World, all of the other stuff is fluff ... well ... except maybe for the partners or executives. ;)
BitLocker should be an easy sell to any client requiring client data security. Think doctors, lawyers, accountants, dentists, and any other professional or trade where client/customer data needs to be protected.
Tie BitLocker into that external USB HDD that is mirroring the internal hard drive, some training on the use and rotation of the drives, and a second drive (we use different colour enclosures) for off-site rotations, and we have a nice little security package we can propose to our clients.
The Intel product sites:
And remember, the product life cycle may be at least two years, but that does not mean that we will not run into some sort of revision level to CPU compatibility next year!
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
System Builder Tip: Intel Desktop Boards to Desktop Processors Compatibility Tool
Trying to figure out board revision to CPU compatibility can be challenging at best.
Intel now has the Intel® Desktop Processors and Desktop Boards Compatibility Tool.
We now have a tool that will facilitate a quick reference for that board revision quest.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Wednesday, 17 October 2007
SBS - Licensing for Charity, Education, and more
In the case of server and Office software, all Charity and Open licenses are full version products.
The exception is in the case of the Windows Desktop Operating System.
What this means is, the organization must either have a Fully Packaged Product (FPP) (Retail) with all of the contents intact of a qualifying version of Windows, or an OEM version that qualifies as a version that can be upgraded by the Licensed upgrade edition Windows OS.
There is no exception to that rule.
Despite the fact that the OLP Windows XP Pro did not have the appropriate Upgrade Check Bits in place, it was an upgrade version.
So, in the case of an organization that is running their entire desktop OS environment on their Microsoft Charity Licenses for Windows XP, there needs to be the qualifying OS base to work from.
If there are no OEM COAs, CDs, and manuals or FPP on site for machines that are already in place, they will need to purchase Fully Packaged Product (Retail) to set their licensing straight.
A Licensing version of a Windows Desktop OS always has to have a legitimate full or OEM OS to upgrade from. PERIOD.
Even with the "Vista Workaround". There has to be a qualifying FPP or OEM license associated with every machine in the organization.
Remember, we are responsible for advising our clients on licensing, so we need to be absolutely clear where we stand when it comes to properly licensing any software product installed on the network infrastructure we are managing.
In our case, when working with a new client that is not in compliance, we would work with them to bring them into compliance. If they resist or refuse, we have the appropriate legal letters and registered mail to take care of severing the business relationship if required. If it was required, we would then walk away. We would also follow the recommendations of our legal advisers from there.
It is a point of principle.
Keep in mind that if a client, or even former client, gets audited and they are not in compliance, then we can bet that the BSA would be knocking on our doors next, and then any other clients that were then indicated as not compliant via our records would see a visit too.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Blogger is choked today :(
Hopefully they get it fixed.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Tuesday, 16 October 2007
System Builder Tip: Intel DQ965GF Series BIOS Update Released
The BIOS revision: CO96510J.86A.5975.2007.1010.1807
The downloads:
From the Release Notes:
- October 11, 2007
- CO96510J.86A.5975.2007.1010.1807
- VBIOS info: Build Number: 1518 PC 14.27 07/06/2007 17:11:20.
- SATA RAID info: Intel(R) RAID for SATA - v6.1.1.1001
- SATA AHCI info: Version UPSD src 08-24-2007
- PXE Nahum info: Intel(R) Boot Agent GE v1.2.50
- ME firmware build: 2.1.3.1031 production signed.
We always update the BIOS on the first boot of a system or server we put together.
This one is pretty important.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
SBS - Windows Vista System Setup and Group Policy Software Installation
Then, along comes Windows Vista with Windows Defender built in. If one installs the Vista machine into the same OU that has the Windows Defender Group Policy Object (GPO) software installation setting applied, we end up with the following series of errors:
Event ID 103: The removal of the assignment of application Windows Defender from policy SBSComputers Software Installation Policy failed. The error was:%%2
We know that Windows Defender cannot be removed from Vista by the GP setting, as it was never installed by that GP setting in the first place, as the previous Event ID 101 error indicated.
So, to alleviate any Windows XP Software Install GPO conflicts with Windows Vista, we create a new OU:
SBSVistaComputers OU with attached Security Policy
What this means for us is a little more organization between the two Windows desktop operating systems.
Keeping a naming convention is important, as this will clue anyone in as to why the OU is there in the first place.
When adding a new computer to the SBS domain via the Set Up Computer Wizard, we are greeted with the following OU options for the new computer:
Set Up Computer Wizard: SBSVistaComputers OU Available
If one tries to nest the two OUs under the SBSComputers, the SBSXPComputers and SBSVistaComputers OUs will not show up in the Set Up Computer Wizard:
- SBSComputers
  - SBSXPComputers
  - SBSVistaComputers
Also, when adding a new OU, one needs to remember to link any common GPOs as required.
When it comes to Windows Vista, keep in mind that we need to manage any Group Policy settings particular to Windows Vista on a Vista machine signed in as the domain admin.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Microsoft Licensing - Upgraded License Advisor Again?
We have mentioned it before:
- The Licensing Muddle - Here is the Cure - Microsoft Licensing Advisor
- Microsoft Volume Licensing - The Configurator is Back ... kinda
Today, we have a situation where a client with an existing Microsoft Open Value Licensing Agreement needs to add a product to the agreement. They are still in year 1 of the 3 year agreement.
The first thing we noticed is that the interface has been changed. And, in our opinion, not for the better.
After choosing our country, the Open Value program within the Quick Report, and then the "not licensing company wide" option, we are presented with the list of products:
List of products: 6 at a time!
We have to keep on clicking the Next button at the top right of the products list to "scroll" through them. The pause in between each group of 6 is painfully slow too!
Change the "Filter Products" option at the top left of the products list to "All", and we still only see 6 products at a time!
At least with the previous License Advisor generation/version when we selected "All" we would get the entire list to scroll through with a Scroll Bar. The second referenced previous post above has a screen shot of the previous Advisor Web interface.
So, after "scrolling" through all of the products to find and select the one we need, we click the Next button at the bottom right to generate the report and we were greeted with:
Warning!
Sorry but your report does not meet the minimum requirements for your selected program
Um, we are looking for an additional license here folks.
Since the core logic of the Advisor is seemingly set up to meet the minimum number of licenses required for a new order, perhaps the question should be asked at the beginning: Are you starting a new Agreement today or adding to an existing one? "Yes" or "No".
And, come to think of it, when it comes to Open Value Licenses, once it is established that there is an existing agreement in place, the question should be asked: Are you in the first, second, or third year of the Agreement? This would help to narrow down the part number results to the correct ones for the given year of the Agreement.
This means that for now, we need to keep in mind that we have to add enough licenses to meet the minimum which is 5. And, remember to do that every time we need an additional license! ;)
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Monday, 15 October 2007
System Builder Tip: Dual Socket X38 Extreme Penryn
While looking for information on the new X38 series server boards for the new Xeons we will be seeing in the near future though, this little gem came up:
- AnandTech: Intel's 8-core SkullTrail System
- Dual LGA-771 Sockets
- Dual Penryn Extreme
- Quad SLI Capable
- Skulltrail: The Super-Charged V8
There is definitely a market for this kind of rig outside of gamers. Think 3D rendering, and evening/overnight render farms for things like 3D Studio Max and the like.
Think Revit 2008 or AutoCAD 2008 with Ramsteel and other intense calculation add-ons. Or, 3D and huge calculation setups like SolidWorks. These types of applications will benefit from this kind of rig.
This is where we smaller shops can take a huge advantage over our larger competitors.
We can arrange to walk into one of our engineering or architectural firm clients with one of these rigs under our arms with the required software already installed and ready to go. Then, we could let some of their more advanced CAD/3D operators have at it. This would make a huge impression on the users and their managers after a couple of days of use. Imagine how the client's user would feel when they went back to their previous system!
Doing the same with the Core 2 Duo, Core 2 Quad, and Core 2 Duo/Quad Extreme rigs worked in this manner. The products essentially sell themselves. The Return On Investment may need to be explained a bit to the management, but that should not be too hard for someone who knows how more horsepower impacts a CAD/3D operator's efficiency and the overall organization's productivity.
Time is money. These rigs pay for themselves in two major ways:
- The particular CAD/3D operator grows into the horsepower of the system increasing their productivity fairly quickly.
- And, the overnight rendering farm increases its productivity per watt consumed as a result of the increased horsepower available in the Extreme based boxes.
UPDATE 2007-11-02: TG Daily has further details on the SkullTrail enthusiast's platform: Intel’s Skulltrail enthusiast platform running at 5.0 GHz. Note, not for the financially weak of heart! ;)
Looks like Skulltrail will give the Mac Pro Dual Xeon X5365 Quad Core $10-12K system a run for its money!
Mac Pro Dual X5365 Xeons
The Mac Pro in this image is missing some additional hardware like more ATI video cards!
TG Daily article came via Slashdot: Intel in the GHz Game Again - Skulltrail hits 5 Ghz.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
System Builder Tip: New Xeon 3000 Series CPUs ...
- Intel Xeon 3065 2.33 GHz BX805573065
- Intel Xeon 3075 2.66 GHz BX805573075
- Intel Xeon 3085 3.00 GHz BX805573085
But, one major caveat: There is no server board for them yet. At least, not for us pedestal/5U system builders. There is an interesting 1U half sized server board available that enables one to cram two of the server boards into one standard 1U server chassis. Hmmm.... :D
This situation is identical with the release of the 3000 series Dual Core Xeons last summer. We had processors, but no S3000AH series boards to plug them into.
So today, on the phone with Intel we go. The representative we spoke with indicated that we should be seeing an X38 series replacement for the S3000AH SKU up soon.
Actual product flow will probably mirror our experience with the S3000AH too: Disti was reluctant to carry them and the processors while Pentium D processors and the SE7230NH1 were still prevalent in their own supply pipe at that time. So, the same may be true while the S3000AH and the current 3000 series Dual Core Xeons are available.
This time around though, it is not a big deal. An extra boost on the Front Side Bus will not break us.
But, things were not the same during last year's CPU/Motherboard tech shift.
Like our experience transitioning the desktop to Core 2 Duo from Pentium D, server performance jumped leaps and bounds ahead when we got our hands on our first Xeon 3050 and an S3000AH server board and could compare that server box pound for pound with a Pentium D server we had just finished building. The Xeon 3050 put the Pentium D 950 to shame hands down.
And so, we wait. :)
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Outlook 2007 - RSS feeds no longer work ... period! 0xB7AC0008
Well, several reboots later, nothing seems to be working.
Outlook keeps throwing 0xD07C0008, 0xD28C0008, 0xD49C0008, 0xD6AC0008, and so on, and so on, ad infinitum.
This is Outlook 2007 on Vista x64 connected to our SBS Exchange server.
So, the next step is to export all of the feeds, then import them again. Nope. Doesn't work.
So, what are the options from there? One is to delete them one by one. Then, import the OPML file again. What a tedious process. There is a very painful pause in between each one. This is oh so senseless.
So, after all of this, Outlook is pretty much unresponsive. This is after deleting two of the blog feeds. There is not enough time in the day to fix it.
So, time to throw in the towel. Are there any good RSS Readers that integrate into Outlook 2007? Or, perhaps a standalone reader. Free is not so important as the ability to sort the feeds by blog and perhaps a further sort by subject would be nice.
*sigh*
Okay, maybe I spoke too soon. Outlook seems to have recovered. I was able to delete the feeds in both IE and Outlook, and the feeds are coming back with no errors - or at least some of them are. Time will tell if they pick up or not.
This breakage is cyclic. There seems to be no rhyme or reason behind it. But, it just keeps happening!
The question above still stands though. Time to move on until Microsoft gets their collective Outlook stuff together and fixes the problem.
Previous post on the subject: Outlook 2007 - RSS Broken Feed Frustration.
UPDATE: As I sit here, there are no RSS feeds coming up. Anything that showed up stopped on the date, October 10 or thereabouts, that things stopped working. So, no fix. :(
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Friday, 12 October 2007
SBS Premium - ISA - Creating a Work Hours Internet Site Restriction Policy
One of the requests we get is to restrict which Internet sites users can visit during working hours, or at all.
In ISA 2004, we would do the following:
- Open the ISA Management Console
- Right click on Firewall Policy --> New --> Access Rule
- We call them Workhours Deny
- Rule Action: Deny
- Selected Protocols: HTTP, HTTPS, MSN Messenger
- Access Rule Sources: Internal & Local Host
- Access Rule Destination: Add
- New: URL Set
- Name: Workhours Deny
- Add: http://*.rad.msn.com/*
- Some sites at the bottom of this post.
- OK
- Click on + beside URL Sets and double click on "Workhours Deny"
- Close
- Next
- All Users -->Next
- Finish
- In the ISA Console, double click on the Rule before clicking Apply in there
- Click the Action Tab: Tick "Redirect HTTP requests to this Web page:"
- We create an AUP page for Companyweb: http://companyweb/General%20Documents/AcceptableUsePolicy.aspx?PageView=Shared
- Click the Schedule Tab
- New button
- Name ClientName Workhours and set the active times.
- We set 0800 to 1800 for the times as a rule for all 7 days.
- Click OK
- Click Apply and OK in the Workhours Deny Properties window
- Click Apply and OK in the ISA Console.
During the working hours specified, if the user tries to connect to the Web sites that are listed in the Deny List, they will be greeted with the following:
Here is a partial list of sites that we tend to restrict out of the box as part of the SBS Premium setup:
- http://*.ebuddy.com/*
- http://*.get.live.com/*
- http://*.login.live.com/*
- http://*.shared.live.com/*
- http://*.webmail.usersisp.com/*
- http://*.gmail.com/*
- http://*.hotmail.com/*
- http://*.login.yahoo.com/*
Any site that would essentially waste a user's time or open the network to possible compromise would normally make the list.
In almost all cases, most people figure it out and there is not a problem. Once in a while a little more is needed, so with the Client Contact's approval, a simple email with a screen shot of an ISA report showing the user name and sites being visited is sent to the problematic user. This usually kills the behaviour immediately.
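As an added example (not part of the original post, and not ISA's own matching engine), the following Python script replays constructed proxy log records against the Workhours Deny URL set and the 0800 to 1800 schedule above, then groups the denied requests by user the way a follow-up report would. Shell-style wildcard matching, the half-open schedule window, and the log line layout are assumptions.

```python
from collections import defaultdict
from datetime import datetime, time
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# URL set entries copied from the post.
WORKHOURS_DENY = [
    "http://*.rad.msn.com/*",
    "http://*.ebuddy.com/*",
    "http://*.get.live.com/*",
    "http://*.login.live.com/*",
    "http://*.shared.live.com/*",
    "http://*.webmail.usersisp.com/*",
    "http://*.gmail.com/*",
    "http://*.hotmail.com/*",
    "http://*.login.yahoo.com/*",
]

# Schedule from the post: 0800 to 1800 on all 7 days.
# Assumption: the window is half-open, so 18:00:00 itself is outside it.
WORK_START, WORK_END = time(8, 0), time(18, 0)

# Constructed sample records (date, time, user, URL); not real ISA log output.
SAMPLE_LOG = """\
2007-10-12 09:15:02 alice http://mail.gmail.com/inbox
2007-10-12 10:01:00 carol http://companyweb/default.aspx
2007-10-12 10:02:30 bob http://WWW.EBUDDY.COM/login
2007-10-12 12:30:40 bob http://www.hotmail.com/
2007-10-12 18:00:00 carol http://www.hotmail.com/
2007-10-12 19:05:11 alice http://mail.gmail.com/inbox
"""


def normalize(url):
    """Lower-case scheme and host, drop port and query, keep the path."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.hostname or ''}{parts.path or '/'}"


def matched_entry(url):
    """Return the first URL set entry that matches, or None."""
    target = normalize(url)
    for pattern in WORKHOURS_DENY:
        if fnmatchcase(target, pattern):  # assumption: glob-style wildcards
            return pattern
    return None


def evaluate(ts, url):
    """Classify one request as 'deny', 'allow-off-hours' or 'allow'."""
    if matched_entry(url) is None:
        return "allow"  # destination is not in the URL set
    if WORK_START <= ts.time() < WORK_END:
        return "deny"  # in the URL set and inside the schedule
    return "allow-off-hours"  # in the URL set, but the rule is inactive


def parse_line(line):
    """Split one constructed log line into (timestamp, user, url)."""
    date_s, time_s, user, url = line.split(maxsplit=3)
    ts = datetime.strptime(f"{date_s} {time_s}", "%Y-%m-%d %H:%M:%S")
    return ts, user, url.strip()


def report(log_text):
    """Map each user to the (HH:MM, host) pairs the rule would have denied."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, url = parse_line(line)
        if evaluate(ts, url) == "deny":
            hits[user].append((ts.strftime("%H:%M"), urlsplit(url).hostname))
    return dict(hits)


if __name__ == "__main__":
    for user, rows in sorted(report(SAMPLE_LOG).items()):
        for when, host in rows:
            print(f"{user:8} {when}  {host}")
```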
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Accpac Workstation Setup: BTrieve Error 35
We had most of the bugs ironed out, but the one that had us struggling the most was this error when we ran the Accpac client on the workstation:
BTRIEVE file directory is invalid(btrieve error 35)
This error had absolutely no indication as to the cause.
By this time, it was getting quite late, and the answer just did not seem to be forthcoming in our Web searches.
So, we took a break from it. The following day, we were able to finally discover what was causing the problem: We had set up the ODBC Datasources using the mapped network drive for the setting in the ODBC Administrator.
We needed to change the settings to the UNC path: \\mysbsserver\accpac
That fixed it.
A huge thank you to NextLevel Information Solutions for sharing their fix for the problem. It is a little over half way down in the FAQ.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Thursday, 11 October 2007
SBS Premium - SBS Post Install ISA Rule Must Do for DHCP
The possibility of a switch failure drew us to bring an extra Gigabit switch with us as we have seen switch failures before.
It turned out that we needed to create a special rule in ISA for client machines that have lost their IP completely and now had a 169. address.
The rule looks like the following:
Access Rule: DHCP (reply) & (request) via Internal and Local Host
Note that the Listener is set for only the Internal and Local Host interfaces. We don't want the DHCP rule to access the Internet NIC.
To create the rule:
- Open ISA Manager
- Right Click on Firewall Policy --> New
- Click on "Access Rule"
- Call it 169 DHCP Access or the like [Next]
- Allow [Next]
- This rule applies to: Selected Protocols
- Add Button
- Infrastructure: DHCP (reply) and DHCP (request)
- Close and Next
- This rule applies to traffic from these sources: Internal and Local Host [Next]
- This rule applies to traffic sent to these destinations: [Add Button]
- Network Sets: All Networks (and Local Host)
- Close and Next
- All Users [Next]
- Finish
- Apply and OK in the ISA Manager
Doing a release and renew will allow the client computer to now connect.
The reasoning as we understand it can be found in a previous post: SBS 2K3 Premium - All Editions, ISA, and DHCP on SBS.
This particular SBS Premium box was installed last year during a run of large installs and apparently we missed this step during setup and the DHCP issue didn't rear its head until now!
The importance of this Firewall Rule being there on Premium boxes is the reason behind this post. :D
UPDATE 2007-10-12: Image of ISA if one tries to add the broadcast address to the Internal Range:
It does not seem to work.
The default ISA Internal does include the full subnet though:
But only for that particular IP range.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists