Saturday, 30 August 2008

A neat thing about this business ...

.... is the people we get to meet and work with.

One of our local suppliers has a great fellow working for them by the name of Dustin. He is our primary contact for sales and support.

Monique and I just returned from his wedding and reception. It was awesome!

Congratulations to Dustin and Jen on your wedding day! Marriage is ssuuuwwwwweeeeettttt!! :D

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.

Software Assurance time limit after OEM or Retail FPP purchase

With the looming deadline for purchasing Open Value Licenses (OVL) with Software Assurance or Open Value Software Assurance (SA) on OEM or Retail packaged product, it is very important to note this one fact:
  • Software Assurance can be purchased ONLY within 90 days of the original OEM or FPP purchase.
That is, if a client purchases an OEM SBS 2003 R2 Premium today, August 30, 2008, then they have until November 30, 2008 to purchase Software Assurance.

But then, we hit another snag: OVL license and SA or OVL SA for SBS 2003 R2 Premium is available only until October 31, 2008.

Right now, SA is the best value on the planet for our clients going through hardware refreshes or new clients we are installing SBS infrastructure for.

Some links:
Check it out!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 29 August 2008

Intel X25-E SATA Solid-State Drive - Extreme Performance

Lately, solid-state drives (SSDs) have been getting some headlines.

So far, as far as third party gossip goes, we have heard both good and bad about them.

The big question for us when it comes to laptops is: Power consumption. Do the drives have a reduced power consumption requirement over standard spindle based drives? The bits and pieces we have come across have been on both sides of the fence.

No matter what the power consumption is though, this little point sure was an eye popper:


Intel SSD: Up to 250MB/s sequential read, up to 170MB/s sequential write

Wow ... wow ... wow! 8-O

Capacities are not there yet ... but they are coming up. And when they do, say bubbye to spindle based storage as a mainstream way of keeping data on the local machine.

There may still be a need for spindles in specialty applications, but there is absolutely no doubt that SSD is the future of local machine data storage.

Now, to get a set of eight 64GB Intel X25-E Extreme SATA Solid-State Drives for an absolutely killer RAID 0+1 array that would totally saturate the PCI-E bus man! :D

Just a little geeking out here ...

Links:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 28 August 2008

SBS 2008 Premium on Open Value Licensing - ISA considerations

This post is more to generate some creative juices in the old grey matter. ;)

Given the experiences we have had configuring ISA 2004 to work with our SBS 2008 lab setups, there look to be a couple of possible methods to make things work.

The key to it all folks: Take a very close look at your SBS 2003 SP1/R2 Premium setups with ISA 2004 installed and configured properly.

Look at how the SSL setup works and just how the Configure E-mail and Internet Connection Wizard sets the ISA SSL bridging up.

From there, it is possible to see two possible ways of configuring ISA:

  1. Bridging using the SBS self-issued cert for RWW and an internal URL for RWW. ISA will bridge SSL for remote.mysbs2008.com to remote.mysbsdomain.local without the dreaded 500 errors.
  2. Bridging using the split DNS setup built into SBS 2008. ISA bridge Internet remote.mysbsdomain.com calls to remote.mysbsdomain.com on the SBS 2008 box.
We have been using the second method to make everything work so far. The key factor is to make sure to import the third party SSL certificate with the Private Key in it.

But, since the current SBS 2003 SP1/R2 Premium setups with ISA 2004 use method 1, we will experiment with it to see if using the internal URL will break things on SBS 2008 ... a distinct possibility given the wizard's use of a split DNS setup.

We won't be able to do this until our lab setup has the SBS 2008 Win2K3 setup in place with ISA 2006 installed and waiting to be configured for use with the Springers' SBS 2008 network.

If the trial runs at setting up option 1 do not work, we will make sure to let you know...

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Some test lab considerations

One of the major questions we need to ask ourselves when we are going to test a new server OS or workstation OS product is: how?

Some criteria to consider in that how:
  • Internet connection.
    • Static IP with URL A for DNS, MX for mail, SSL.
    • dDNS setup.
    • No Internet connection at all.
  • SBS 2003/8 specific: Remote Web Workplace functionality.
  • Server or workstation hardware
  • Virtualized OSs.
  • Terminal Services
  • Group Policy settings from OU structure right through to the minutest GPO and its settings.
  • Workstations.
    • Hardware or Virtualized.
    • XP Pro and/or Vista Business/Ultimate
  • Microsoft Office version
  • Line of Business Applications
The above list is by no means complete. But, it does give us food for thought.

For us, the imperative when looking to test a beta product, SBS 2008 for example, is to make sure that we have a setup that is close to what a real production environment would be like.

This imperative becomes all the more important as we began to realize just how much SBS 2008 has changed over SBS 2003. We absolutely needed an Internet connection with at least a dDNS setup or, in our case, a dedicated static IP with the proper DNS settings in place.

As an example, we wanted to run through setting up SSL with a third party certificate for Remote Web Workplace because the new Getting Started Tasks contained a wizard just for that purpose. With that cert in place, the next step was figuring out how to make ISA 2004/6 work with the SBS 2008 RWW setup and so on.

When it comes to our client specific setups, we create a lab environment that mirrors their production environment. It is then critical for us to provide the necessary infrastructure to facilitate the mirror. To some extent, virtualization can help a lot here, but not completely.

In the case of SBS 2008, as mentioned in previous posts, we have a couple of lab setups in the shop. The critical one for us right now is the Springer Spaniels SBS 2008 setup that is a part of the book that I am co-authoring with Harry Brelsford.

It is the Springers' lab setup that needs to be stable and properly configured as our other lab setup is the one we like to blow up by doing silly things like enabling the Intel ProSet NIC Teaming settings and then running the wizards ... can you say reinstall anyone? ;)

This is an overview of the Springers' lab:
  • Intel X3070 Xeon Dual Core CPU on an Intel S3000AHLX server board, 8GB Kingston ECC Intel approved RAM, Intel SRCSASRB RAID controller in RAID 0+1 with 4x 320GB Seagate ES series hard drives for a total of 640GB of storage.
  • SBS 2008 RC1 is installed and in the process of being configured.
  • 4x workstations configured as follows:
    • Intel Core 2 Quad Q6600, Intel DQ965GF or Intel DQ35JO motherboard , 6-8GB Kingston RAM, 2x 320GB Seagate ES or AS series hard drive in RAID 1 via on board RAID controller all tucked into an Antec Minute 300 or 350 for space saving.
    • Windows Vista Ultimate x64.
  • Workstation VM setup:
    • Station 1: 4x Windows XP Pro VMs using our TechNet Plus for licensing (lab).
    • Station 2: 4x Windows XP Pro VMs using our TechNet Plus for licensing (lab).
    • Station 3: 2x Windows XP Pro, 2x Windows Vista Ultimate VMs using TechNet Plus (lab).
    • Station 4: Server 2003 R2 Std for ISA (TechNet in lieu of Open Lic.), Server 2008 Std x64 (SBS 08 RC1 Premium).
  • Network Setup:
    • Internet static IP bound to our own ISA 2004 (on SBS R2 Premium) with DNS A, MX, SPF records in place for springersltd.com.
    • The Springers' SBS 2008 box sits behind a D-Link DI-604 consumer router with a publishing rule on our ISA 2004 to allow it out only.
      • D-Link internal Springers' IP range: 192.168.99.0/24
      • D-Link WAN port IP: 192.168.125.210 (reservation on our internal SBS DHCP setup)
    • Our ISA 2004 has the Springers' SSL certificate bound a publishing rule set to allow HTTPS and SharePoint 987 to forward to the D-Link's internal IP. The D-Link forwards those to the Springers' SBS 2008 box.
    • Our ISA 2004 also has VPN and SMTP for the springersltd.com forwarded to the D-Link then on to the Springers' SBS 2008 box.

We have limited the number of virtual workstations to 4 per physical workstation as we plan on stress testing the setup by having a number of people logging in at the same time as the Springers' users. They will do things like run Outlook to create and send e-mail, Word documentation, SharePoint, and the like.

Yes, the workstation grade hardware hosting the VMs will not necessarily provide the "real world" experience like having those desktops on a Hyper-V enabled server with a high performance RAID array setup and a couple of cores assigned to each would provide, however, it will give us some indications as to how the Xeon 3070 will hold up under 10 users with a number of the server services in use simultaneously.

Note that the D-Link is a temporary measure until we reach the stage where we are installing the Windows Server 2008 x64 Standard server that is a part of the SBS 2008 Premium setup. When we have reached that stage, then, we will look at setting up ISA on Windows Server 2003 R2 Standard either as a VM, or if we have a spare box kicking around, a dedicated hardware solution.

There is a significant cost in time and equipment in the lab setups we have. It only makes sense that if we want to provide the best possible product knowledge to facilitate our ability to provide our clients with the best solutions for their needs, then we need to invest time and money.

This is critical: The closer and closer we get to the Cloud and its opportunities and pitfalls, the more our knowledge and experience will be the key to us and our I.T. company moving forward successfully.

Take careful note: The "we" and "our" in the above sentence means every single employee and contractor that works with us under this umbrella we call MPECS Inc. It also means our clients and their feedback, the vendor contacts we work with, our peers in the local I.T. industry, and you our blog readers that provide excellent feedback for us to build on.

Ultimately, it will be our teamwork that carries us through this transition period.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 27 August 2008

Product consistency is good for business

One of the key points to selling something, and continuing to sell that something, is based on the product's consistency.

Take for example, Oreo cookies. A little off-topic perhaps, but I am an absolute Oreo fanatic. They are the source of my radio and online handles: Oreo Man and MunCHeeZz.

Why pick on Oreo cookies though? Because, for you Americans, if you have never had a Canadian version of the cookie, you are missing out.

A friend brought a bag of US made Oreo cookies and I could not finish it. They did not taste near what their Canadian counterparts did, nor did they taste near as good.

The psychology behind product loyalty is deep and complex as any marketing campaign can point out to us ... or it can be outright simple as some product marketing schemes go.

When it comes to consistency, the look of our workstation is key:
  • We are not marketing to end users and thus do not need flashy coloured skins on our boxes. The exterior look of the box should be relatively plain and functional with a taste of elegance. In our case, our chassis of choice is either the Antec Sonata II or Minuet 350 depending on the form factor needed.
  • Our component setup within the box is consistently the same across many different orders.
For many of our clients, what is inside the box is not important. We can try and convince them that the larger manufacturers will give them any manner of component inside the same looking boxes, but they, for the most part, will not pay attention.

What they do pay attention to are the costs associated with those hardware setups. And, that is where we, a smaller I.T. shop, can have the advantage over the larger system manufacturers.

Over the two year period during which our larger clients run through their hardware refreshes, we will implement the same system configuration across the board down to the hard drives, motherboards, RAM, and other components used.

How does this save our client's money? Homogeneity. That is: Sameness.

Troubleshooting issues on all manners of hardware configuration in one office can be grief stricken, never mind the nightmare for our client audit notes. Then there is the RMA process and loss of productivity. These things cost money across the long run ... in many cases more than the money "saved" purchasing from tier 1 or 2.

In the case of our larger clients, imaging becomes a factor and having the same hardware configuration across the board makes OS image configuration, updating, and longevity a factor in the cost of supporting that hardware.

We do not build workstations here in our shop. Having people tied up building systems is not an equitable proposition. There is one exception to that rule: Our training labs, our own workstations, and any special order high performance boxes.

The exception to that rule gives us hands on experience with the systems we support at client sites. It gives us the ability to formulate new configurations based on new hardware coming down the pipe. And, we are able to learn the hardware and software products through and through to make sure we are knowledgeable in their inner workings ... or not workings.

Intel, by the way, has a two year product cycle commitment for their corporate class components.

We have a very reputable OEM System Builder in Edmonton that we turn to for our client workstations. They are also the location we can take any warranty related issues to and have them addressed in very short order. We have been working with them close to ten years now.

Some food for thought for the smaller I.T. shops out there.

Our default Corporate Class configuration:
Besides that Sameness, the above system configuration is stable, relatively quick, and provides the Intel AMT support for remote firmware/BIOS level support.

Oh, and the configuration comes with an awesome support mechanism via our OEM and Intel.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Vista - Stop 0x0000004e - PFN List Corrupt

We were putting together a new Vista x64 box for some VMs to run on Virtual PC.

We went to install Vista Ultimate SP1 x64 and received a strange BSOD:

Stop 0x0000004e PFN_List_Corrupt
Now, this box has been used once or twice in the past couple of months. However, it was behaving quite strange. So, yesterday we put in a new set of drives for the RAID 1 array and went to reinstall the OS.

Thinking that the problem may have been with having too much RAM, even though SP1 is not supposed to have that problem, we pulled the two 2GB sticks leaving 2GB in the machine.

Sure enough, the OS installed.

After a shutdown and reinstall of the 2GB sticks we started seeing the system behave strangely to the point where it would not function at all.

We rebooted, hit the F8 key to get into the boot selection key, then it ESC to get to the Memory Diagnostic Tool.

This is what we were greeted with:


Windows Memory Diagnostics Tool

Yes, we have a hardware problem. At least it is now confirmed.

Once the system had rebooted as indicated it would when the test was finished we saw:

Bad Memory

Too bad the DQ35JO doesn't light up the slot the bad memory is in like the server systems do.

After a little bit of troubleshooting, we had the culprit and put in to Kingston for an RMA.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Further to NAP - Win2K8 Server Security Guide Available

Further to this morning's post on NAP is in SBS, Rodney of the CanITPro blog posted a comment about some videos:
He points to this PDF document: Heroes Happen {Here} Lab Guide (PDF Document)

The links to the needed VHDs and the like are active in the PDF. Check it out, because there is a huge amount of reading condensed and organized according to the proper flow of things.

Also, just in time for the long weekend too, some reading on Windows Server 2008 Security:
There are three download links on the Microsoft Download Site.

Since we are focused on SMB, there is a real need for us to keep abreast on the hows and whys of proper security configuration for the network infrastructure as well as the hardening of our servers to reduce the attack surface.

Security is one of the principle reasons why Server Core is such an awesome option for specific network infrastructure needs.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 26 August 2008

Some signs that we have a hard drive problem

Whether we are talking about a server, a workstation, or particularly a laptop, there are a number of surefire indications that we are at the beginning stages of a hard drive problem:

  • The OS takes an inordinately long time to boot up.
  • A particular application like Office or a Line of Business App takes a long time to fire up.
  • Random lock ups with no respite but a reset.
  • Seemingly mysterious data corruption.
    • More likely on a RAID array member degrading.
  • Mysterious RAID 1 mirror breaks.
  • Server: Event ID 55s.
The clincher, in about 95% of the cases we come across is the boot time for the OS. Occasionally we get a call because of a missing file like NTLDR.sys or the like. But, those occasions come few and far between.

One thing to keep in mind: The user may never clue into the long boot times until they are asked during an on-site visit if anything peculiar is up ... or if the OS finally throws an error and they no longer have a workstation/laptop to work on.

One of the benefits to our clients that we provide bi-weekly backup rotations for is our regular visits. In some cases, we now expect to spend anywhere from an hour or more answering the various questions users have gathered up over the previous couple of weeks.

That in-person presence is really valued by our clients.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

TechNet Plus: SQL 2008 RTM bits available for download

A little behind the gun on this one:


TechNet Plus: SQL 2008 Downloads

With our being on the SBS 2008 beta, a couple of test runs at installing the product were done in the blind ... meaning no reads.

Needless to say, we did not get very far. :)

Things have changed a bit on the install and configuration front between SQL 2005 and SQL 2008. Time to do some reading.

Some related links:

That last one could be very important for us SBSers in relation to SBS 2008 Premium Edition with SQL 2008 included.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - We have NAP!

One of the killer new security structures in Windows Server 2008 is Network Access Protection (NAP).

Essentially, NAP gives us the ability to delimit who can or cannot access a given network in any way by the status of the updates, antivirus, and other software components of the system the user is trying to connect with.

It was a question that up till now, was not clear as far as SBS 2008: Will we, or won't we have NAP on SBS?

This aught to clear that question up:


Network Access Protection

Now, who was paying attention when the many different Microsofties over many different "Longhorn" presentations over many different conferences over many different years, prior to Microsoft Windows Server 2008 was released, demoed NAP?!?

In our case, while the ears were definitely perked during the product explanations, demos, and some configuration demos, there is definitely lots room to learn the ins and outs of configuring NAP.

Microsoft Press has a book on the topic too: Windows Server 2008 Networking and Network Access Protection (NAP).

NAP will be very high on the To Do list for configuring and figuring out on both of our SBS 2008 test beds RPQ (Right Properly Quick).

We have a number of clients who are anticipating SBS 2008 for this fall ... so we need to be prepared as some of them are particularly conscious of any foreign system plugging into their networks.

And, we are really gearing up ourselves with internal changes in anticipation of SBS 2008 deployment in the next month or so.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 25 August 2008

Test post

Please ignore this one. I will really have to watch my spelling if posting from here!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.

SBS 2003 Open Value License Part Numbers

Any clients we are picking up or upgrading we are putting into an Open Value License with the 3 year spread payment option.

Here are some Open Value license + Software Assurance part numbers for you:
  • T75-00927: SBS 2K3 Premium with 5 CALs
  • T74-01746: SBS 5 User CAL Pack
  • P73-01420: Windows Server 2003/8 Standard

Office 2007:

  • 269-09046: Office 2007 Pro Plus
  • 269-09061: Office 2007 Pro Plus Software Assurance ONLY (for clients with Licenses)
  • W87-00356: Office 2007 Small Business Edition
  • 021-07257: Office 2007 Standard
  • 076-03395: Office Project Standard 2007

Desktop OS:

  • 66J-01418: Vista Business with Vista Enterprise Software Assurance Up + SA.
  • WSB-00073: Microsoft Desktop Optimization Pack (shown per month - need 12/seat)

System Center Essentials:

  • UCH-00357: Microsoft System Center Essentials - license & software assurance
  • DJA-00834: Microsoft System Center Essentials Server Management License - license & software assurance
  • 4PX-01112: Sys Cntr Essntls ClientML Sngl Lic/SA Pack OLV 20 NL 1YR Acq Y1 Promo
  • A5S-00457: Microsoft System Center Data Protection Manager - License & software assurance - 1 server - additional product, 1 Year Acquired Year 1 - Open Value - Win - English
  • CVA-00079: Microsoft System Center Data Protection Manager Standard Server ML - License & software assurance - 1 operating system environment (OSE) - additional product, 1 Year Acquired Year 1 - Open Value - Win - Single Language
  • SNA-00274: SYST CTR VRTL MACH MGRWGE SNGL LIC/SA PACK OLV NL 1YR ACQ Y1 PROMO
Remember, right now the best value on the planet for our clients is an Open Value Agreement on their new SBS 2003 purchase.

What client is going to argue with a substantially reduced price for the upgrade:
  • Included
  • Free
  • Aux Gratis
  • Etc ...
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 23 August 2008

SBS 2008 test network setup = business opportunity juices flowing

We have two SBS 2008 setups that we are working with right now:
  1. The Springer Spaniels Limited SBS 2008 setup that is being used for Harry Brelsford and my upcoming SBS 2008 Blueprint book.
  2. The MPECS Inc. tear it apart and put it back together a hundred times network.
Both setups run behind our ISA 2004 SP3 SBS integrated setup.

In preparation for migrating to SBS 2008, we are getting ready to accomplish a Swing migration of our internal domain to a new hardware set without ISA though. We will be putting ISA on its own 1U in our rack setup to facilitate the upcoming migration to SBS 2008 RTM.

To have a true test environment for SBS 2008, we wanted both of our SBS 2008 boxes (both are on actual hardware at this point) exposed to the Internet as any production SBS 2008 box would be.

We have multiple static IPs bound to ISA's Internet adapter, so setting up the publishing on that side is fairly straight forward.

But, to keep the SBS 2008 environments separate, we have a couple of D-Link DI-604 consumer routers providing the required barrier between our internal network and the test beds. ISA is then setup to allow communication from the routers to the Internet only.

One of the things that we have learned as a result of messing around with this particular setup, and have mentioned before, is that we can have a client in another country buy a box, unpack it, and get it all ready to go.

We would send a small package containing a USB Flash drive with the SBS Answer File and whatever third party firewall appliance they have chosen already configured to allow our IP to TS into the SBS 2008 box.

A simple coaching on the phone, via MSN, online VOIP, or whatever method gets the SBS install up and running within minutes. A couple of hours later, we are into the box via RDP, running those wizards, and once the Remote Web Workplace is live, we kill the TS forward on the firewall appliance until needed.

Think about the business opportunities this methodology affords. It is one step closer to infrastructure management with the appropriate monthly fees ... post SBS 2008 install. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Free Beta Exam 71-653 until September 12

Via Susan Bradley: Windows Small Business Server 2008: 71-653 (TS: Windows Small Business Server 2008, Configuring).

There are two exam sites here in Edmonton, Alberta.

The one I chose on Jasper Avenue has the exam on the following days:


ProMetric Jasper Avenue: Dates Available

Once the registration details have been set along with the exam date and time, you will need to make sure to enter the promo code SBS8 (obtained via Herleson Pontes blog: FREE BETA EXAM - TS: Windows Small Business Server 2008, Configuring).

You will then receive a confirmation email indicating the registration was successful.

There are two very important reasons to register and take the exam:

  1. It is free!
  2. It is really, really, really free!

Seriously folks, Microsoft is giving us an incentive here. Take the opportunity to crash dive into SBS 2008 over the next couple or three weeks and write the exam for free.

If you pass, it counts!

One last thing: Seating space is limited, and to the Greater Edmonton Area folks reading this blog, the Jasper Avenue location now has one less seat available! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 22 August 2008

"Anatomy of a malware scam" is a good malware read

Have a few minutes to spare?

How about checking out how creative malware scam artists are getting: The Register: Anatomy of a malware scam: The evil genius of XP Antivirus 2008.

From the article's conclusion:


This should serve as a dire warning to all: be extremely careful what you trust, and question everything that looks even remotely suspicious. For example, no website can run an anti-malware scan on your computer simply by your visiting the site. Any site that purports to do so is almost certainly run by criminal gangs.

No website should ever offer you to download an anti-malware package as soon as you visit the site. Any site that purports to do so is either run by criminal gangs or by an organization whose business practices are so deceptive that you should never consider doing business with it. A reputable site will present you with product information and then leave the downloading decision up to you, not force it upon you. No software that pushes the purchase decision so heavily in your face is likely to be legitimate.


Part of our responsibility as the go to person for our client's I.T. needs is knowing what the threat landscape looks like.

From there, we can educate them with a simple note every once in a while that provides some dos and don'ts while browsing the Internet.

UPDATE: The above article came via a link that I could not for the life of me find. Go figure ... it popped up when I logged into another machine.

Credit goes to Jesper's Blog: Anatomy of a Hack 2008 ... which is a good read in and of itself. My apologies for originally missing the credit Jesper!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 21 August 2008

It is official - SBS 2008 RTMs today

The Official SBS 2008 Blog: SBS 2008: Released to Manufacturing.

The private beta was quite the journey from the early beta beginnings to the current Release Candidate.

The SBS Dev Team was very responsive to all of the beta participant's questions, queries, mistakes, and otherwise and untoward tremendous volume of input on the private and eventually the public NewsGroups and via Connect.

It was neat to see the development process move forward from the early days to the now RTMd SBS 2008.

We do belive believe SBS 2008 is an awesome product, and can see huge opportunity built into SBS 2008's new features and abilities.

We also believe that the SBS Dev Team has indeed built a very worthy successor to SBS 2003. SBS 2003 is an awesome product that placed the bar very high.

SBS 2008 promises to raise that bar even further for our clients and for us as we discover and work with all of the new SBS features and abilities.

We do believe our clients will benefit from those new features and abilities and have been structuring our hardware upgrades and OS licensing around Microsoft's Open Value Licensing for all of our SBS 2003 client refreshes in order to take advantage of all that Software Assurance will offer when the time comes to move into SBS 2008.

Congratulations to the SBS Team for a great milestone and a great product! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 and Custom Reports - Share yours ...

Looking for a small way to help the greater SBS community?

Then the SBS Code Plex is for you.

The site has been put together for people to share their custom report queries they have created for SBS 2008. Susan Bradley has left an email address on the site to get in touch with her so that you too can contribute code.

You will need to register with the site and include your CodePlex username in the email to Susan in order for her to add you to the group of contributors.

For SBS 2008 reporting, a lot has changed. And, one of the most significant changes is the ability to really work those reports to put out information that is very relevant to our particular client environment.

Links:
For those of us who are not into coding, this new development on the SBS front will be a little daunting. So, check out the code that has been shared on the site so that you can get familiar with the code structure.

After creating a few custom queries, they should come fairly easy.

Also, this is a good way to get comfortable with getting introduced to PowerShell if you have not seen it yet!

And, of course, feel free to download the code and implement it on your SBS 2008 installations as you require!

Way to go SBSers!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 19 August 2008

SBS 2008 - Wizard cannot configure Remote Web Workplace - Internet Address Management Error

There are many ways to learn a lesson ... for some of us the methodology falls into the "trial by fire" category.

Those lessons can come hard and fast when life is running at 115% ... which is virtually near meltdown.

And, not paying attention to the SBS 2008 AnswerFile help (previous blog post containing the help) is a sure fire way to find one of those lessons very quickly!

On to the problem at hand:

Internet Address Management Error Details

The server cannot configure Remote Web Workplace. To correct this problem, run the Fix My Network Wizard

Okay, this is really strange!

The kicker: Remote Web Workplace works from the Internet! But, as soon as the link to the internal Companyweb SharePoint site is clicked, the browser URL monitor at the bottom right of IE flashes http://sites/ and then a Page Cannot Be Displayed error.

This particular install of SBS 2008 RC1 was the fourth run at it. The first two cratered to what turned out to be bad sectors on one of the RAID 0+1 array members.

So, by now things were getting to be a little more than frustrating.

After running the Fix My Network wizard to try and correct the problem, we were getting absolutely nowhere.

In an email exchange with the Dev Team via the Microsoft Connect Web site it was discovered that a setting in the AnswerFile was the culprit ... mea culpa.

Here is a mock up of the answer file as it was used to run the four setup attempts:


SBS 2008 Answer File: Wrong Setting

And, here is what the answer file looks like when the setting is correct (to see side by side right click and Open in new Window for both):

SBS 2008 Answer File: Right Setting

If you catch the error, good for you! ;)

Just to recap from the AnswerFile Help:

Certification authority name (optional)
The name of the certification authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (syntax -) to generate a self-signed certificate (for example, Contoso-Server1-CA). This is the name in the Issued By field when you view the certificate from the Internet.
Important: Do not use the domain name as the certification authority name.

The setting that we had: remote.mpecsinc.ca

The setting that we should have had: [blank] or something like MPECS Inc. as indicated in the correct AnswerFile.

Notice, that a quick reading of the AnswerFile help may not yield the best results ... as is the case here. 8*/

A closer read of the particular section in question, Certificate Authority Name, clearly indicates what this particular field is for:

Issued by: Springers Ltd

So, we now have a very valuable lesson learned: We need to pay closer attention to the instructions. ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBSC: Microsoft invests in us ... if we invest a bit in us too

When building our business, there is no magic bullet to success.

Ultimately, it takes a lot of hard work... and a lot of time. Vlad makes a good point in this direction: There are no rewards for just doing your job.

For the Small Business Specialist Community, Microsoft is offering us an opportunity to learn with a small monetary investment: Microsoft Online Peer Groups.

Eligibility criteria are as follows:
  • Have to be a current Microsoft Small Business Specialist
  • Passed the SBS 70-282 Exam
  • Fluency in English (open to partners worldwide)
  • Commitment to participate includes attending peer group sessions and completion of homework
  • Pay USD $600 for participation (partners that successfully graduate will receive a free ‘for resale’ copy of SBS 2008 Standard Edition)
Being a part of a peer group is very challenging. That challenge comes in the form of being challenged by my peers to grow and in turn my challenging them to grow.

Check it out ... it may be one of the better professional development opportunities around.

Note that there is a deadline for the end of this month.

Courtesy of Sean Daniel: Exclusive Opportunity for SBS Specialists and Partners!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - The SBS Answer File Help File

This file can be found under DVD:\Tools\answerfile.htm on the SBS 2008 DVD 1 media.

If you do not have a beta copy of SBS 2008 yet, then this is your opportunity to get to know how to use the Answer File setup for SBS 2008 to streamline your server installs.

Staying consistent in our installs provides a good foundation for troubleshooting when issues arise.

Here it is verbatim (formatted for simplicity):

Tell Me More About Using Answer Files

An answer file serves the following purposes when you are installing the Windows® Small Business Server 2008 server software (Windows SBS 2008):
  • Provides information that is automatically entered into the Windows SBS 2008 installation pages. You can use an answer for either a new installation or a migration to Windows SBS 2008.
  • Helps value-add professionals build new servers before taking them to the customer site for final configuration.
    • Note:If you are migrating from an existing server to Windows SBS 2008, you must perform all of the installation steps at the customer’s site.
    • Note: The Getting Started tasks must be completed at the customer site.
  • Triggers the migration process during Windows SBS 2008 installation.
    • Note: You must use an answer file when you are migrating to Windows SBS 2008. You can also use an answer file for an unattended installation.
The Answer File Tool performs limited validation on the data in the answer file. Follow the instructions in this document to complete each field and to help the installation finish without validation errors.

An answer file automates the configuration of the Windows SBS 2008 installation in either attended or unattended mode for both a new installation and a migration to Windows SBS 2008.


  • In a fully unattended installation, the user or technician interacts with the installation only if there is an error in the answer file.
  • In an attended installation, the answer file is used to populate the fields on each configuration page, and then the user or technician verifies the information and can change any field before clicking Next.

Important
To fully automate the installation on a server that has a preinstalled operating system, you must also use the OOBE.xml answer file for the operating system phase of the installation.To fully automate a clean installation on a server, you must use the autounattend.xml answer file. When you use autounattend.xml, you cannot specify a drive letter other than the C drive. Windows SBS 2008 can be installed successfully only on the C drive. For information about creating an answer file using the Automated Installation Kit (AIK), see “Automated Installation Kit (AIK) for Windows Vista SP1 and Windows Server 2008” at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=115680).

To create an answer file, complete the following steps:

  1. Collect the information for the answer file (for either an installation or a migration).
  2. Run the Answer File Tool.
  3. Copy the answer file to the root of a drive on the new server or any removable media.
Step 1A. Collect the information for an automated installation answer file

If you are installing Windows SBS 2008 on multiple servers for different customers in your office before taking the servers to the customer sites, ensure that the DNS name is unique on your local network or that each server is connected to a separate network during the installation. You must also choose names that are unique to the customer site.

The following tables explain the information that you need to enter in the Answer File Tool for a new installation.

Clock and time zone settings

Clock and time zone settings
  • If you choose to manually set the clock and time zone, the unattended installation stops, and then it prompts you to set the clock and time zone.
  • If you choose to automatically set the time zone, you must manually set the clock in the server BIOS to the correct time. The system clock cannot be set automatically using the answer file.
Server Information

Server name

  • The name of your new server. This must be a unique name on the local network.
  • Important: You cannot change this name after the installation finishes.
Internal domain name

  • The NetBIOS name of the internal domain—for example, contoso.
  • This must be a unique name on the local network. The domain name and the server name cannot be the same.
  • Important: You cannot change this name after the installation finishes.
Full DNS name

  • The DNS name of the internal (local) domain.
  • You must provide at least two labels for the full DNS name. For example, you can use contoso.local, but contoso alone is not valid.
  • It is recommended that you do not use a public top level domain name, such as .com, as the last label in the full DNS name. This is the DNS name of the internal domain.
  • If you use Apple Macintosh client computers that are running Macintosh OS X 10.2.x or later on your network, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121090) for more information.
  • Important: You cannot change this name after the installation finishes.
Company Information

Company information (optional)
  • The name and address of the business. This information is used for settings on your server and is not sent to Microsoft.
  • You can edit the company information later. To edit it, in the Windows SBS Console, click the Help list menu, and then click Edit Company Information.

Certification authority name (optional)

  • The name of the certification authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (syntax -) to generate a self-signed certificate (for example, Contoso-Server1-CA). This is the name in the Issued By field when you view the certificate from the Internet.
  • Important: Do not use the domain name as the certification authority name.

Network administrator account

Network administrator account

  • This is the new administrator account name that is created when you install Windows SBS 2008. For a new installation, after the server restarts for the final time, you are logged on using this administrator account and password.
  • First name: First name of the administrator.
  • Last name: Last name of the administrator.
  • Administrator user name: User name or alias for the new network administrator account. The user name must consist of the following:
    • Can contain only valid characters: A-Z, a-z, 0-9, and the symbols _ # $ % & ’ - ^ { } ~ !
    • Cannot begin or end with a period
    • Cannot contain two periods in a row
    • Cannot be a reserved name (for example, Administrator)
    • Cannot be the same name as the computer or server name

Administrator password

  • Password for the new network administrator account.
  • The password that you provide must be complex. If you do not provide a complex password, the unattended installation stops so you can provide the complex password. A complex password is at least 8 characters long and contains at least three of the following:
    • Upper case letters
    • Lower case letters
    • Numbers
    • Symbols

Note: For a new installation, you can either specify the network settings or allow the installation wizard to configure them for you. If you are installing Windows SBS 2008 on multiple servers in your office before taking them to the customer sites, consider the following:

  • If you specify network settings that are specific to the customer’s network configuration, you may not be able to access the Internet during installation to get updates from your own network.
  • If you specify settings appropriate to your own network, you may need to change them when you deliver the server to the customer site.

If you want to specify the network settings, you need the following information.

Network Settings

IP address (optional)

  • The IP address that you want to assign to your server. Ensure that the IP address is in the same subnet range as the IP address of the local area connection (LAN) on your router and that the IP address is not currently used on the network. If you select the Manually choose the network settings option and do not specify the IP address, the answer file cannot be saved.

Default gateway (optional)

  • The IP address that is assigned to the local area connection on your router.

Try Windows Live OneCare for Server and Forefront Security for Exchange Server

Windows Live OneCare for Server

  • You can choose to install a trial version of Windows Live OneCare for Server. OneCare helps protect against viruses, spyware, and other malware, and it provides other security, backup, and performance optimization services for your server. The trial version is a complete, fully functional version of OneCare with a 120-day trial period that begins after you complete the OneCare installation wizard.
  • You can also install the trial version of OneCare on client computers. For information about installing OneCare on client computers, see the Windows Live OneCare home page at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121102).
  • Important: You can install OneCare only if the language you are installing is supported for the full OneCare product. For information about which languages are supported, see “Frequently asked questions about Windows Live OneCare” at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121101).

Forefront Security for Exchange Server

  • You can choose to install a trial version of Forefront Security for Exchange Server. Forefront Security for Exchange Server provides a virus protection service for e-mail. The trial version is a complete, fully functional version of Forefront Security for Exchange Server with a 120-day trial period that begins after you complete the installation wizard.
  • For more information about Forefront Security for Exchange Server, see the Forefront Security for Exchange Server home page at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121103).

Step 1B. Collect the information for the migration answer file

The following tables list the migration settings that you must define in the Answer File Tool.

Clock and time zone settings

Clock and time zone settings

  • If you choose to manually set the clock and time zone, the migration stops, and then it prompts you to set the clock and time zone.
  • If you choose to automatically set the time zone, you must manually set the clock in the server BIOS to the correct time. The system clock cannot be set automatically using the answer file.

Company Information

Company information (optional)

  • The name and address of the business. This information is used for settings on your server and is not sent to Microsoft.
  • You can edit the company information later. To edit it, in the Windows SBS Console, click the Help list menu, and then click Edit Company Information.

Certification authority name (optional)

  • The name of the certification authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and server name (syntax -) to generate a self-signed certificate (for example, Contoso-NewServer-CA). This is the name in the Issued By field when you view the certificate from the Internet.
  • Important: Do not use the domain name as the certification authority name.

Source (Existing) Server Information

Domain administrator account name

  • The user account name of a domain administrator in the existing domain.
  • Note: This account must be a member of the Domain Admins, Enterprise Admins, and Schema Admins groups. When the first phase of the migration finishes, the server restarts and automatically logs on using this administrator account.

Password

  • The password that corresponds to the domain administrator account name.
  • Note: The domain administrator account password cannot be blank. If it is, you must either change it for migration or create a new domain administrator account that has a password.
  • Note: It is recommended that you create a new domain administrator account on the Source Server instead of using the built-in Administrator account.

Source Server name

  • The name of the server from which you are migrating settings and data.

Source domain name

  • The full DNS name of your organization's internal domain—for example, contoso.local.

Default gateway

  • The IP address that is assigned to the router on your network.

Source Server IP address

  • The IP address that is assigned to the Source Server.

DHCP is running on the Source Server

  • Select this box if the DHCP service is running on the Source Server. It is recommended that the DHCP service run on the Destination Server. If you are running the DHCP service on the Source Server, it is moved for you during Windows SBS 2008 migration. If the DHCP service is running on another server or device, you must manually disable it on that server or device.

Note: The domain administrator user name and password that you supply in the answer file are also set as the Directory Services Restore Mode (DSRM) password. If for any reason you need to log on to the server in DSRM, you must use the same user name and password that you specified during migration. These passwords do not synchronize automatically, so if you change the password for your administrator account on Windows SBS 2008, you must continue to use the old password to log on to the server in DSRM.

Destination Server Information

Destination Server name

  • The name of the server to which you are migrating. You will install Windows SBS 2008 on this server. This must be a unique name on the local network. The Destination Server name cannot be the same as the domain name. Also, the Source Server name and the Destination Server name cannot be the same.

Destination Server IP address

  • The IP address that you want to assign to the Destination Server.

Try Windows Live OneCare for Server and Forefront Security for Exchange Server

Windows Live OneCare for Server

  • You can choose to install a trial version of the Windows Live OneCare™ for Server computer protection and maintenance software and services. OneCare helps protect against viruses, spyware, and other malware, and it provides other security, backup, and performance optimization services for your server. The trial version is a complete, fully functional version of OneCare with a 120-day trial period that begins after you complete the OneCare installation wizard.
  • You can also install the trial version of OneCare on client computers. For information about installing OneCare on client computers, see the Windows Live OneCare home page at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121102).
  • Important: You can install OneCare only if the language you are installing is supported for the full OneCare product. For information about which languages are supported, see “Frequently asked questions about Windows Live OneCare” at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121101).

Forefront Security for Exchange Server

  • You can choose to install a trial version of Microsoft Forefront™ Security for Exchange Server. Forefront Security for Exchange Server provides a virus protection service for e-mail. The trial version is a complete, fully functional version of Forefront Security for Exchange Server with a 120-day trial period that begins after you complete the installation wizard.
  • For more information about Forefront Security for Exchange Server, see the Forefront Security for Exchange Server home page at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkID=121103).

Step 2. Run the Answer File Generator

Note: To run the Answer File Generator, you must have the Microsoft .NET Framework 2.0 or later installed on the computer that you are using to create the answer file. To install .NET Framework 2.0, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=81886).

To create an answer file for an automated installation

  1. On a client computer or a server, insert the first Windows SBS 2008 DVD, navigate to the Tools folder, and then double-click SBSAfg.exe. The Answer File Generator opens.
  2. Click New installation.
  3. Type the information that you collected in Step 1A.
  4. Save the answer file as sbsanswerfile.xml.

To create a migration answer file

  1. On a client computer or a server, insert the first Windows SBS 2008 DVD, navigate to the Tools folder, and then double-click SBSAfg.exe. The Answer File Generator opens.
  2. Click Migration from existing server (Join existing domain).
  3. Type the information that you collected in Step 1B.
  4. Save the answer file as sbsanswerfile.xml.

Step 3. Copy the answer file

Copy the answer file to the root of either a USB flash drive or a USB external hard drive. Connect the USB drive to the new server, or copy the answer file from the USB drive to the root of any drive on the new server. Then start either installing or migrating to Windows SBS 2008. If the Windows SBS 2008 installation wizard detects a migration answer file, the migration process starts automatically.

Warning: The answer file contains logon and password information that can be used to gain access to your server. To help protect your server, when you finish installing Windows SBS 2008, delete the answer file.

Troubleshooting the answer file

When running an installation (either new or migration) using the Windows SBS 2008 Answer File, you might encounter an error if the server cannot read information in the answer file. This can occur under the following circumstances:

  • The Windows SBS 2008 Answer File Tool is not formatted correctly.
  • The answer file contains corrupt data.

If you encounter an error when running the answer file, take the following steps to verify the contents of the answer file:

  1. If possible, using the Windows SBS 2008 Answer File Tool, open the answer file.
  2. Review the installation information, and then save the file.
    • Note: If you receive an error that the file cannot save, close the file, and then recreate a new answer file with the same information.
  3. Click Retry. If you did not continue past the Continuing Installation page, you can restart your server to try and read the answer file again.

Important: You should not open the answer file and edit it directly. Doing so can introduce errors in the file format.

Other general troubleshooting tips

If you cannot start the installation with the Windows SBS 2008 Answer File, check the following:

  • Make sure that the removable media that contains the answer file is plugged into and is recognized by the server. If the server does not recognize the removable media, try using different removable media.
  • Make sure that the answer file is saved with the file name sbsanswerfile.xml. If an error exists in the file name, rename the file to correct the error, and then restart the server.
  • Make sure that the file sbsanswerfile.xml is located in the root of the removable media that you are using. If it is not, move or copy the file to that location and then restart the installation.

Copyright: This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, Forefront, OneCare, and Windows are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.
--------------------------------------------------------------------------------

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 18 August 2008

An invoice from my accountant?!?

My best friend was telling me over the weekend that his business received an invoice from his accountant ... but his bookkeeper was telling him that it was paid a long time ago.

A phone call was placed to the accountant to find out what was up.

It turned out that they had an unrecoverable disaster. And no good backups.

Would you want them to be your accountant?!?

They were essentially fishing to figure out the who/what/where/when for their clients to call back wondering what was up.

Our accounting clients know exactly what that means (among other things): How do we role forward?!?

As business owners, we have the right to ask anyone who handles our business data, or even our personal data, what type of backup setup they have and whether it is tested.

This bears repeating: We should always know how our data is backed up and whether it is recoverable or not at any service provider's location ... including within our own business.

So ... are your backups tested?

And for those supporting client I.T. infrastructure: Are your client's backups tested?!?

And one more: Have you recovered an SBS box yet ... via the built-in or third party backup? The worst place to find out how difficult and precarious the whole recovery scene is right in the middle of one. There are a lot of stresses then ... who needs another one?

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 15 August 2008

Live OneCare Online Freebie Scan

Need a quick snoop through a system that may not have A/V or its A/V is seemingly not working?

Windows Live OneCare Free PC Safety Scan.

A Service Agreement will need to be accepted, then an ActiveX program will need to be installed on the system to enable the scan. Make sure to disable pop-up blockers for this site.

Once the ActiveX program is in place, the following will be presented:


OneCare safety scanner beta (for Vista)

This particular screenshot comes via one of our x64 Vista machines.

Note that the UAC will happen for the ActiveX install, and the initialization of the downloads that happen after clicking the Next button above.

Once the downloaded programs initialize themselves, the scan proceeds:

OneCare safety scanner beta: Status: scanning your computer.

The safety scan took about 3 minutes to run on this system.

Once finished, we were in the clear ... and we got an ad asking us to protect our PC with WLOC.

No viruses or spyware found

The above all-clear screen is what followed the "No thanks" to the ad request screen.

We chose to share the results with Microsoft.

All in all, this could be the out one may need when a virus prevents the installation of a local A/V product ... hopefully.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - Quoting Apples to Apples

When in a competitive situation for a new SBS install, here is one of the outlines we provide our prospect with:
  • Small Business Server 2003 Premium R2 standard components installed, configured and updated properly.
    • There are many post installation tweaks required not necessarily documented in the SBS files.
  • Small Business Server 2003 Premium Technologies:
    • ISA 2004 with SP3 must be installed and configured properly.
      • Secures the local email server, Remote Web Workplace functionality, etc.
      • Secures and directs only appropriately formatted Web requests to your IIS6 server behind SBS/ISA. (second Win2K3/8 IIS server)
    • SQL 2005 setup and prepared for line of business or robust SharePoint installation.
  • Small Business Server 2003 R2 Technologies
    • Installed and configured correctly as well as updated.
  • Remote Web Workplace is setup to allow secure access to email, SharePoint, and company desktops.
  • The SBS Wizards are used to properly configure the domain.
  • The SBS Wizards are used to properly configure users and the user’s computers on the domain.
  • The A/V solution is properly integrated.
  • Backup solution is configured and TESTED for recovery. We put the RECOVERED server into production so that you can be assured that we know what we are doing if things go sideways.
  • All client data is organized and restructured according to the SBS setup ... and all user profiles are migrated appropriately.
  • My Documents are redirected to the server for data retention and backup purposes.
  • More ...
It is one thing to say, "I can do it cheaper and faster than the other guy". But, it is another thing altogether to actually provide a properly configured SBS Premium installation with all of its nuances and tweaks in that time.

When quoting time, we use a paraphrase of some of my favourite Star Trek Engineer's philosophy: Quote 2 hours and get it done in 1.

To put it another way: Under promise and over deliver.

A stipulation in our proposal states:

A deposit is required on our invoice to initiate the project. We will bill for the actual amount of time taken on the project up to and including the maximum time quoted.

Any unforeseen circumstances that will have a direct impact on the amount of time quoted will be discussed once discovered. If additional time will be required, an approval in writing must be obtained in order to proceed.

In addition to the above brief list, we provide a pretty detailed breakdown of all of the stages from start to finish required to bring the project online.

Unforeseen circumstances are those that fall outside of that very detailed list. And, our prospect, or now client understands that.

Another aspect to providing these lists: The prospect will see in plain detail that we know our stuff. Our lists are broken down in such a way that they can see the flow of events right down to the SBS install phases.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 13 August 2008

SBS - Remote Web Workplace stalls at Loading ...

We have had an SBS server that would stall at the Loading portion after logging into the Remote Web Workplace (RWW) consistently.

With virtually no information on the problem, or perhaps the wrong key words being searched for, there apparently was no solution to the problem.

Yesterday's post on the Terminal Server link in RWW not showing up actually triggered a realization: There was once a Terminal Server on this particular network that had since been replaced by virtualized desktops.

Ahhh....

Sure enough, after logging in to the server and verifying the HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserProtal\KWLinks\AppTS=1 HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserPortal\KWLinks\AppTS=1 setting was indeed at 1, we reset it to 0, rebooted the server and voila!

We no longer have this huge stall when users log onto the RWW.

The puzzling part of the problem was the fact that the admin account did not experience this issue.

But, we now have things running smooth again, so our client users are happy.

UPDATE 2008-12-20: Eyes must have been crossed! Portal was incorrectly spelled out in the original post.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 12 August 2008

Followup to the Lenovo post

My dad made a good point about the previous post on Lenovo's products:
Lenovo x61 Tablet and other problems.

That point was that our client's choice to run with Lenovo for their laptop needs was just that: Their choice.

As much as we may hold a trust relationship with our clients to the point where our suggestions carry a lot of weight, in some cases there are other reasons for them to make choices that we may not, in our opinion, consider to be in their best interests.

When that happens, we can make suggestions about the hows and whys with regards to that choice, but the "I told you so" should never cross our mouths when things seemingly do not work out for them.

Yes, that choice has cost our clients in many ways: From the extra setup time due to the ThinkVantage software updates and configuration, expensive data and laptop recoveries due to ThinkVantage software that does not work as advertised, warranties that fail to provide solutions, to the ThinkVantage software that interferes with our ability to provide remote support.

Lenovo, in our experience, is not a product manufacturer we would recommend to our clients based solely on supporting their products at our current client sites.

That experience is balanced by our supporting Acer, Toshiba, Panasonic, Voodoo, and many other laptop vendor's products.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Lenovo x61 Tablet and other problems ...

This has been a pretty tough week already. And, Lenovo is definitely not contributing to the happiness factor right now. :(

Our one client is continuing to have nothing but grief with their Lenovo X61 tablet (previous blog post). After a number of on-site visits by the warranty contractor that included a number of motherboard and hard drive changes, Lenovo will not stand by their product and supply our client with a new unit.

They have lost untold hours of productivity across over a month now. Relatively, those costs have translated into the ability to have purchased a new unit several times over by now.

So, ultimately, what value have they received for the purchase of the extra on-site warranty and time extension? -$$$$.$$

We have another client where one of the managing partners has picked up a Trojan on their Lenovo laptop. The unit is around a year old now.

The security setup in the Lenovo software does not allow us to provide Remote Assistance, or even connect to the laptop via RDP. Now, there may be a setting in the security software setup to allow for these services, but it has not been found yet.

The partner has moved to an identical laptop where that machine's user is now on vacation.

Caveat: Once the Lenovo user has initiated and secured the laptop to their fingerprint, no one else can sign into that laptop. Again, this may be a software setting in the Lenovo security software, but we have not found it yet.

So, we need to change the vacationing user's password so that the partner can gain access to the network, then connect to their Outlook profile via OWA as a temporary measure. This means that we will be getting a phone call from the vacationing user as soon as they try and RWW or OWA into the system.

Tie these experiences into our recovery struggles on the Lenovo laptops here, and here, and we are definitely none too pleased with Lenovo's products and their (lack of) product support.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Terminal Server not showing up in Remote Web Workplace

This one is via the SBSC SBS Newsgroup: After setting up a new Terminal Server on the SBS2K3 network, the "Connect to my Application Server" link is not appearing in RWW.

Remotely edit the SBS and Terminal Server's registry and look for the keys:
  • On SBS:
    • HKLM\Software\Microsoft\SmallBusinessServer\RemoteUserProtal\
      KWLinks\AppTS=1 (wrapped on purpose)
  • On the TS:
    • HKLM\System\CurrentControlSet\Control\Terminal Server\TSEnabled = 1
    • HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat = 1
If one or both of the keys are not present, create them with the values indicated. If the value for the key is anything but "1", then edit the key to change that value.

We need to make sure that the Remote Registry service on the TS box is running, and that the firewall has the appropriate ports open to serve TS or the firewall is off altogether.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Why we need at least one dedicated desktop for RWW

For our clients that have over 7-8 seats we tend to setup a dedicated box for a remote desktop via the Remote Web Workplace (RWW).

If our client has more laptops than desktops, we then look at the option of setting up a second box or a box with Server Core and Hyper-V to host 3 or more desktops depending on the client's size.

Why go through the extra expense of having dedicated remote desktops?

How many of our clients have a user at every PC workstation? We would be willing to bet that pretty much all of them do. Yes, we have the VPN. But, that only works well if a few connections are in use depending on the size of the ISP connection.

So, if a user needs to have access to a desktop within the organization, such as one of the managing partners of an accounting firm whose laptop was showing signs of dying ... while out of town, what do they do?

Here are a number or reasons why having at least one dedicated desktop for remote access is a good thing:
  • Laptop users have a desktop to work from while working off-site.
  • Laptop users whose hard drives show signs of dying can transfer data back to the office and work remotely thus eliminating the possibility of loosing their work and their data.
  • Client sensitive data can be accessed via RWW instead of kept on the local laptop reducing liability due to data exposure.
    • BitLocker can help to reduce this exposure on laptops. But, Vista Ultimate or Software Assurance is required for access.
    • TrueCrypt is another option, but can be awkward depending on the users capabilities.
  • Clients can hire workers to work remotely. Less office space required saving leasing costs.
    • This involves a little psychology as far as the paradigm shift from 9-5 thinking to goal setting and goal orientation for outbound workers.
  • Scheduled flexibility time for workers to work in and out of the office.
    • Summer and off peak times.
    • Parents.
    • Maternity and Paternity leave.
    • Disability leave.
  • A desktop for us to use as a logon point for managing the SBS network. We do not like to log directly into the SBS box via RWW or any other method if we can help it.
Even if the user leaves their laptop in the office to connect to while at home, the dedicated desktop setup tends to be a lot faster for them to work on.

There are any number of really good reasons why this setup works to improve a client's efficiency. We need only be creative in discovering them as we develop an understanding of our client's business.

We always try to demonstrate the RDP via RWW tie in with the Companyweb SharePoint site facing both internally and the Internet via RWW, Outlook Anywhere, and Outlook Mobile Access to the managing partners. When we do, keeping the demonstration to about 30-45 minutes to prevent brain overload, we win the deal pretty much every time.

It pays to know the product ... it really pays to know all of the collaborative features SBS has to offer a firm ... as well as the many facets those features have:
  • Firm productivity.
  • Firm efficiency.
  • Disaster recovery Scenarios.
  • Data protection capabilities.
  • Worker location flexibility.
By knowing the SBS features, all of their updates and augmentation inside and out, we can be better prepared for the oncoming changes to RWW in SBS 2008 including the ability to publish TS RemoteApps. And further to that, we can be prepared to design and implement Cloud based collaborative infrastructures for our clients when the time comes.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 11 August 2008

Business Contact Manager - Recovery via *.mdf and *.ldf only

We have a relatively new client that has been going through what is turning out to be a month long odyssey of getting their Lenovo X61 tablet working again.

After an initial diagnosis that the hard drive was failing, they made a backup of their data and the Lenovo on-site people showed up and swapped out the drives.

Two hard drives and three motherboards later, we need to get their Business Contact Manager (BCM) data back online.

One slight gotcha though: The only data we have to work with is the original MSSmallBusiness.ldf and MSSmallBusiness.mdf files.

How did we realize that we were facing a gotcha? When we went to import the data via the database management in BCM it did not give us the option to import a *.mdf file.

After some searching about, we came up with the following Business Contact Manager Team Blog post: Restoring a BCM database from SQL .mdf and .ldf files (Windows Vista or XP).

Noting comments in the post about the environment variable used in the script were for Vista, we made sure to point them to the physical files using the full path.

No matter how many ways that script was modified to get it to work, we could not get those files to mount.

This left us in a bit of a pickle. How do we proceed?

Note the command line structure in the script itself. It contains osql commands. And, we SBSers all know where we need the osql commands (previous blog post on taming SQL's memory usage) don't we?

A quick search for sql 2005 sp_attach_db leads us to: MS KB 224071: How to move SQL Server databases to a new location by using Detach and Attach functions in SQL Server.

Since our BCM database is already detached, we need only attach it again.

But, before we try that, we remove BCM off the system altogether.

After making sure that BCM was fully removed from the system, we reinstalled it.

Run services.msc to verify that the MSSSQL (MSSMLBIZ) database instance is up. Do not run Outlook yet because the BCM will try and initialize a new database during its setup phase.

The databases would be located in: C:\Documents and Settings\%username%\LocalSettings\Application Data\Microsoft\Business Contact Manager\MSSmallBusiness.mdf.

We copied the recovered database and log files into the above location.

From there, we ran the following at the command line (assume Enter after each line):


  1. hostname (system will reply with the name of your computer)
  2. osql -E -S MyComputer\MSSMLBIZ (assume MyComputer is your hostname)
  3. use master
  4. go
  5. sp_attach_db 'MSSmallBusiness','C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Business Contact Manager\MSSmallBusiness.mdf','C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Business Contact Manager\MSSmallBusiness.ldf'
  6. go
  7. quit
Note that osql can be run from within the database folder because the SQL binn folder resides in the System Path.

Once we had a successful database and log file attach to the MSSMLBIZ instance and fired up Outlook, all of the BCM content was there.

We then imported the recovered PST file and our client was good to go.

UPDATE 2008-10-15: If you get an access denied error on the attach attempt then BCM is not installed properly. Run BCM, create a new set of dbs (generally MSSmallBusiness2), and then uninstall BCM, copy the original dbs into the directory, and attach again.

If you need help recovering your databases, please drop us a line: BCM Recovery.

UPDATE 2008-11-03: Added the hostname step to make sure you find the correct system name.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.