Friday, 31 October 2008

Webinar was very successful Thanks!

Thank you to all that participated in last night's Webinar with a live ... Though we ran out of time before it was done ... SBS 2008 install!

We were fortunate that we had a backup Hyper-V box on stand-by as the one we were going to use choked when starting the SBS VM!

I had test started it prior to the Webinar and it worked! But I made the mistake of importing an ISA VM onto that Hyper-V box to provide an Internet gateway. So, something happened either during or after the import that caused the existing SBS VM to choke.

Chi, you are right and I stand corrected on there being a difference between RAID 0+1 and RAID 1+0. After seeing your comment, I delved into an online search for clarification. The sites I came up with were not absolutely clear on the distinction or even contradicted each other!

So, if anyone has a good link with good animated diagrams explaining the difference betwwen the two, please post them in the comments.

Thanks for catching me on that one Chi! :)

Thanks also to everyone that took the time to e-mail myself or Harry with affirmations! Being new to the Webinar scene and LiveMeeting can be pretty intimidating!

Want more SBS 2008 Webinars, please feel free to make suggestions!

I would love to do more. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Phone.

Thursday, 30 October 2008

Server Core - Firewall NetSH Command Line Reference

Configuring the Windows Server 2008 Server Core Firewall via the command line has to be one of the biggest brain busters there is!

There is always a need to figure out how to do something very specific, so we need to come up with a reference point, and that is what this blog post is.

The first place to check:

A really good resource:

This one gives us the necessary commands to open up the firewall to allow for remote management of its settings. And, when it comes to figuring out how to get things happening, sometimes you just can't beat a GUI!

Here are the commands, via the Server Core Blog post, that are crucial to opening things to the point where a remote management session can happen:

  • MMC Snap-in use "(Rule Group)"
  • Event Viewer "Remote Event Log Management"
  • Services "Remote Service Management"
  • Shared Folders "File and Printer Sharing"
  • Task Scheduler "Remote Scheduled Tasks Management"
  • Reliability and Performance "Performance Logs and Alerts" and “File and Printer Sharing”
  • Disk Management "Remote Volume Management"
  • Windows Firewall with Advanced Security "Windows Firewall Remote Management"

On the Server Core box you can enable these by running:

  • Netsh advfirewall firewall set rule group=“(rule group)” new enable=yes

Some additional commands:

  • Show profile settings: Netsh advfirewall firewall show allprofiles
  • Remote Administration: Netsh advfirewall firewall set rule group=“remote administration” new enable=yes

Another good resource: The things that are better left unspoken : Firewall management in ...

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

A Blogging Milestone - Past the 300 Subscriber Mark :) Neat!

We have passed what I have considered to be a subscriber goal for our blog: 300 subscribers!


MPECS Inc. Blog passes the 300 subscriber mark!

That number is pretty kewl. Somehow that number was set in my mind as the point at which we could all sit back and say we are somehow making a contribution to the SBS/SMB community.

When we work as hard was we do for our clients and our community, every once in a while we need to sit back and give ourselves a pat on the back. Affirmation is very important in building up the confidence of those around us to succeed at an endeavour that may seemingly look to be absolutely pointless at times. So, that hard work needs to be recognized.

Thanks to all of you who took up the conversation with me in the comments on the various posts. The comments, your feedback, linkbacks, comments, criticisms, opinions, and pointers have been extremely helpful in broadening our knowledge, understanding, and helping us to grow in our businesses.

It is neat to see how we can work together to help each other out!

Thanks for reading. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Hyper-V Server 2008 - Install Failures

We have not had much in the way of success getting Hyper-V Server 2008 to install.

The idea was to have two servers running SBS 2008 setup routines and post setup routines for our upcoming Webinar: SBS 2008 - Setup Webinar this Thursday.

The server hardware is vanilla Intel Server Systems series stuff:

The first attempt to install from media we created in early October yielded this interesting screen:

Microsoft Hyper-V Server Language Selection

Now, that is not so bad, at least until clicking on the English option in this screen and the subsequent Locale screen and still seeing the alternative language menu in the top left.

Okay, so maybe we grabbed the very first copy off Microsoft's servers and someone had put the wrong version on it: Hyper-V Server 2008 RTM available for download today!

So, we went and downloaded a new copy of the product, and burned it to DVD on the slowest setting possible.

When we started running through the setup routine again, we were greeted with:

Hyper-V Server 2008 Language Selection

Okay, so the language has changed in the top left menu but the language options are down to two?!?

Then, here is the kicker: Thinking that surely we were dealing with a hardware related problem we ran through the Windows Server 2008 Standard install routine and installed Server Core ... in record time. So, there is no problem with the hardware that we can see. It is brand new!

This is the message we consistently received when we would finally get a chance to load the RAID driver:

Device Not Found

Now, the install routine dragged itself out very painfully in between each click, each step in the routine. It did not matter where we were in the setup routine, the time span between clicking on something and the routine actually responding could be 10 or 15 minutes in some cases.

We did update all of the BIOS and firmware components in the server. We even ran through the setup routine with the on board RAID controller just in case. Still no way it would install.

We have another identical server waiting to be built. It will be our new SBS 2008 server. So, just in case ... we will invest a little more time into this install mystery and get that box setup and updated and see if the Hyper-V Server 2008 install routine will run through successfully. If it does, then we know there must be a hardware issue with the original box, if it does not, then we know there must be a problem in the software.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 29 October 2008

SBSC - Winning with Windows Vista Webinar in 15 minutes

Folks, if you have an hour to have a listen, we have a Webinar for you: Winning with Windows Vista.

I will be participating in the Webinar providing some feedback on how we are shaping our client's Vista options via our own passion for Windows Vista and it's features.

A little Partner perspective for Partners! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - OEM OPK Help Documentation Error - Port 443 not 433!

We all have our moments where the fingers seemingly disjoint themselves from our brains! ;)

An important typo to note in the Windows SBS 2008 OEM Preinstallation Kit (OPK) User's Guide:


SBS_OPK CHM file typo wrongly indicates to port forward 433.

Most of us would pick up on the fact that the port is supposed to be port 443 for SSL connections. But, there are a number of us out there who are not familiar with the various TCP and UDP ports, or port ranges, and what they do.

This is another reason why reading the documentation is so important for those of us who are in the know! We get to learn a little more about the product, but we can also discover critical errors in the documentation and let the appropriate people know!

Imagine for a moment, someone has just finished their SBS OEM OOBE and everything is working just as it should until they try to hit the Remote Web Workplace from outside the misconfigured router.

Hopefully the first thing they check was the ports used in the port forwarding. But, if they are not familiar with the correct ports to use in the first place, things would turn into quite the troubleshooting spaghetti fest with the likely possibility of indigestion! :(

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Evaluate SBS 2008 for 240 Days starting Nov. 12!

The official release day for the trial version of SBS is November 12, 2008.

The site you will be able to download or order the trial pack from is here: SBS 2008 Trial. Note that the Essential Business Server 2008 trial will be available

Looking for other Microsoft product trial versions? Then the Microsoft TechNet Evaluation Center is for you.

If the above SBS 2008 Trial link does not work, then the Evaluation Centre one will take you to the correct page.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 28 October 2008

Vista and Server 2008 KB957200 - Reliability Update?

These updates showed up in our SBS 2008 Updates Console:


Update for Windows Vista (KB957200)

Click through to the Microsoft Knowledgebase site for the update and we get a 404.

KB Article Not Found

Do a search on Microsoft's download site and we do get results for KB957200 for all flavours of Windows with a release date of October 26th though.

Before releasing this one to Vista or Windows Server 2008 including our SBS 2008 box, we would really like to see some release notes!

After synchronizing one of our SBS 2003 R2 Premium boxes with WSUS v3 installed the updates did not appear. Hmmm ... strange.

UPDATE: We are declining the update until such time as Microsoft gets the Knowledgebase article live. We need to make sure we know what exactly will be addressed by this update.

UPDATE 2008-10-30: The Microsoft Knowledgebase Article is live: Windows Error Reporting does not function correctly when it is running in a "Windows on Windows 64" (WoW64) configuration on a Windows Vista SP1-based or Windows Server 2008-based computer.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Setup Webinar this Thursday

I will be facilitating an SBS 2008 setup Webinar with my co-author Harry Brelsford this Thursday evening at 18:00hrs Mountain Standard: SMB Nation Webinars. The registration link is there.

We will run through the SBS 2008 setup process, talk a bit about the book and its contents, and address some of our SBS 2008 setup experiences to date.

It should be informative and give you an opportunity to see an SBS setup process live.

From the above link:

SBS 2008 Setup Webinar, October 30th 5PM PDT: Join Philip Elder and Harrybbb (we are writing the forthcoming Small Business Server 2008 Blueprint title) for a complimentary 90-minute Webinar sponsored by HP/Microsoft FLP on Thursday, October 30 at 5:00PM PDT (UTC\GMT-7 right now until early next month).

You will specifically witness the SBS 2008 server-side setup process, learn more about the pre-requisite step of configuring your router\firewall FIRST BEFORE YOU DO ANYTHING and the exact use of the answer file. There will be a presentation at mid-point by HP and then you will have plenty of time to ask all the questions that you have.


Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Is my hardware not cutting it?

Further to the previous post: SBS 2008 - Reliability at a glance

How about how is the existing hardware handling the current load on the SBS OS?

System Performance

This has been one of the most difficult questions to answer from the client in the past. We needed to install third party monitoring tools to keep an eye on that box in order to provide a clear answer ... after a period of monitoring time.

That is no longer the case.

With the built-in Resource Overview and the ability to drill down to the smallest detail on the way the SBS OS is performing on the current hardware, we can find out very quickly whether the hardware is cutting it or not.

Under the four performance graphs are the four categories that can be clicked on to drill down to discover which processes are utilizing the hardware component the most.

Resource usage drill down

For those of us who have been working in this industry since way back, when we had to fight and struggle with third party tools to get any kind of information out of our systems, the new Reliability and Performance tools are a huge step ahead for us.

This particular SBS box configuration:

  • Intel Xeon 3070 Dual Core
  • Intel S3000AHLX Server Board with current BIOS
  • Dual on board Gigabit NICs are Teamed (one disabled when the wizards are required)
  • 8GB Kingston KVR667D2E5/2Gi DDR2 ECC (4 pieces)
  • Intel SRCSASRB PCI-E RAID Controller
  • 4x 320GB Seagate Enterprise Storage series in RAID 0+1 for redundancy and performance.
  • Intel SC5299DP series server chassis.

So far, with the Exchange being relatively quiet, the box has been running a consistent 4.5GB of RAM being used. Once we bring the e-mail volume up over the next couple of days or so we will see where things go with the Exchange Store.

SQL has been behaving itself as well, though it looks like we may end up needed to trim the memory levels allocated to each instance just as we needed to do for SBS 2003: SBS 2K3 RTM SP1 R2 Premium - Post install must do - Tame SQL Memory Usage.

More to come on our SBS 2008 lab setup ... and thanks for reading! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Reliability at a glance

The reliability monitor in Windows Vista is a pretty neat tool to have an at-a-glance look at how things are performing.

We have inherited that tool on SBS 2008:


SBS 2008 Reliability Monitor

The pip just prior to the MMC crash had the server at Index 9.65. The reliability index grew to that point from the install/setup days a little over a month and a half ago. The server is running on the RTM bits.

The Reliability Monitor is perhaps one of the quickest ways for us to remote or walk into a client's location and have an immediate assessment of the SBS box's stability along with any Windows Server 2008 box's stability too.

The bonus: We actually get to see the culprit causing the problems! Talk about a shot in the arm for troubleshooting infrastructure problems!

Software vendors beware! We got you covered now. ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 Lab Test - Spam Filtering

The primary purpose of this post is to present our SBS 2008 lab users' e-mail addresses to the world as a spam trap.

Let's see just how good the Forefront and LiveOneCare for Server setup is.


Just in case you are wondering, the above users are setup in the SPRINGERS SBS domain as part of the book I am co-authoring with Harry Brelsford of SMB Nation fame tentatively called the SBS 2008 Blueprint.

Once we get things rolling along pretty good, we might even setup a couple "Out of Office" replies just to spice things up a bit! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 27 October 2008

MS08-67 Exploit now in the wild!

We blitzed to update all of our client's servers as well as our own:
Microsoft has released information indicating that an exploit is now in the wild:
Wow!

Talk about a fast turn around time on the release of the patch to an exploit being found.

The most vulnerable time in the whole patching cycle is the time between the release of the patch and its installation on our servers.

Why?

Because as soon as the patch is released the "bad guys" are downloading the patch and reverse engineering it to figure out how to get to the exploit!

So, if your client's servers are not patched yet, better get to it! 8*O

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Access Denied when adding a printer

That learning curve is still there! :)

Trying to add a network printer to an SBS box we get the following:


Add Printer - Access Denied

Okay, so it is late at night, and the above linked lesson may not have sunk in past the cranial matter yet! ;)

So, given the previous post linked, guess what we forgot to do when adding the printer?

That is right! Right click on Add Printer and then click on Run as administrator!

Okay, so we need to get into the habit of elevating on the server too!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 25 October 2008

A balanced work ethic? SBS helps at work and home

We all have different tolerance levels for how much work we can put in for the week.

But, there is definitely one thing that distinguishes those of us striving to get ahead, build, or otherwise express our love for what we do: We tend to work at it a lot!

What exactly is meant by work?

For us, the following would cover to a great extent what work is:
  • Providing the best possible solutions and services to our clients.
  • Developing our professionalism through formal training, mentorship, reading, labs, and more.
  • Contribute our expertise back to the community at large.
For those of us who are single, the amount of time spent working can be quite large. There is a flexibility in the amount of time a single person can schedule around their professional life. But, there needs to be a balance with the time spent with friends and family too.

For those of us who are married with or without children there is a balance that we must achieve between our work and family life. That balance is critical, because if one suffers, the other will too!

We are fortunate that SBS and related products and services we work with facilitate the ability to make efficient all aspects of our work life:
  • Remote Web Workplace: Remote connectivity to everything we need.
  • Remote Desktop: Via RWW gives us a secure way to work from anywhere.
  • SharePoint: Via RWW or direct allows access to many critical resources.
  • Outlook Web Access: In a pinch, works great via Web or Mobile Device.
  • Windows Mobile device: Remote connectivity while moving about with access to virtually all SBS services.
  • A good laptop that is encrypted and uses cellular high speed for connectivity.
Tying all of these SBS and related products together for our own businesses enables us to have a demonstration platform in place for our prospect visits, or for demonstrating to existing clients what further SBS based features could help their business.

For us, the above setup allows for scheduling flexibility. If there is a need to spend time with family, the day, like today, can be divided up between family and work.

Balance ...

Involvement in our professional and local communities are the other side to this coin. Getting out and getting involved in the SBSC, local Microsoft User Groups, online forums and groups, local charities, and the like are good for maintaining and developing new business and colleague relationships.

While the online stuff may facilitate our professional and to some extent our personal lives, nothing replaces face-to-face time with our peers, business colleagues, family, and others. To a great extent, the online stuff needs to take second place to face-to-face time.

A further development to balance things for my own family was the implementation of an SBS network at home. Having SBS at home has given us the ability to work with shared resources such as family e-mail, calendars, tasks, and contacts. Centralizing has made our home life balance and time management a lot easier to accomplish.

The CompanyWeb SharePoint site facilitates both our business and personal life work flow management that helps to give Monique the ability to be at home while still being fully involved in our business.

In the end, if our lives are well balanced between business and personal time involvements, we will find find that balance lends itself to our being very successful in both!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 24 October 2008

SBS - MS08-067 Critical - Update Blitz Results - A Strange Result

Working with a new client in the U.S., we had sent an e-mail to them and of course expected it to take no more than a few seconds before they received it.

Well, we waited, and waited, and waited.

A quick check of our SBS Exchange Queue showed that there were a number of e-mails in the queue. That was really strange.

So, off to the SmallBusiness SMTP connector Properties to verify that the service is set to deliver e-mail as soon as it hits the queue. It was not!

For some strange reason, the SMTP connector was set to deliver e-mail every hour! Huh? Not sure how that came about, but this is how that setting should look:


SmallBusiness SMTP connector Properties

Just in case, we will go through all of the servers we updated last night and check that setting.

It will save us having to answer a support call from a client wondering why their e-mail is not flowing as it should: instantly.

There may be no direct correlation between the update and the change in the queue setup, but we know that our e-mail was flowing immediately yesterday.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS - MS08-067 Critical - Update Blitz Results

We decided to run the Out-of-Band critical update: Microsoft Security Bulletin MS08-067 - Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644) on all of our client SBS, Win2K3, and Win2K8 servers last night.

Susan made the valid point about testing the patch on our own network servers first: Deploy the oxygen mask to yourself first and we did.

In our case, our SBS server disappeared off the map. It apparently did not come back up as all of the updates were run remotely. In checking the server, the problem was due to the ISA firewall service stalling because of an SSL certificate conflict. The conflict was resolved, and we were good to go. The problem had nothing to do with the update.

All of our client servers came back up with no issues.

Many of our clients have an Intel Remote Management Module 2 installed in their newly installed servers to provide us with Out-of-Band access if we are doing updates that will kill the RWW connection such as Exchange updates.

So, if we lost remote connectivity with any of them via RWW, we were at least good to go from the "console" provided by the RMM2.

And, as Susan also mentions: Microsoft Security Bulletin MS08-067 – Critical make sure you have the appropriate ports setup in the registry as indicated in her post to make sure the server does not disappear after a reboot or cause all kinds of internal network gremlin like behaviours.

Note the Windows operating systems affected by this update are essentially all from Windows 2000 going forward.

On that note: All client desktops that were online to receive the update last night will have rebooted. This is as good a time as any to send out a gentle reminder note to all client users that they should be always closing and saving their work and logging off the system or shutting it down when they leave their desktop for more than a couple of minutes or at the end of the day.

And finally: We could rest easy the rest of yesterday evening going forward knowing that our servers were patched!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Half an hour until Blog Talk Radio! :)

Coffee is on ...

Please join Stuart Crawford, Karl Palachuk, Amy Babinchuk and myself as we talk about what it means to be a small I.T. shop professional.

It's not like we have not expressed our opinions about being professional in this blog before eh? ;)

Link: Blog Talk Radio.

Thanks for reading! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 23 October 2008

ShadowProtect restore hiccups ... no restore! Anyone?

Today was a day of fires ... lots of them too!

We have a problem: We went to upgrade an Intel Extreme system with a pair of 150GB Raptors. We added a second set of Raptors and enabled RAID 0+1.

Just prior to that we had created a ShadowProtect image and verified it.

Upon restoring our SP image we received the following error when booting into Windows:


Vista Error 0xc000000e - winload.exe missing or corrupt.

Total choke happening. :(

A bunch of searching turned up a lot of bcdedit commands though none of them worked as we always received the following error:

The boot configuration data store could not be opened. The requested system device cannot be found.

No matter what we tried, that is the error we received. The bootrec command was a part of some of the procedures we tried, though not from the linked KB article. Might look into that a little more in the morning.

Unfortunately, Storagecraft support has not been any help and the Microsoft newsgroups will not support the situation due to a third party product being involved.

Our post on the Storagecraft Forum: Vista x64 Recovery: 0xc000000e winload.exe error on boot.

Now, this system has sat by the side due to time constraints, so this situation was not high on the priority list. It is now. We need to bring the system back online for an upcoming project that requires it.

Anyone have any suggestions on how to get this box back up and running without a rebuild? Any input would be greatly appreciated. Thanks.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 22 October 2008

Some further thoughts on SBS 2008 Wow and MSP Hybrid

The system we are working on has some time to go before the factory recovery is complete ... and no free workstation. :)
SBS 2008 has a new reporting and backup system in place.
As has been mentioned here before, we provide a managed services hybrid to most of our clients that include rotating their backups every two weeks. We read our SBS daily reports every morning over tea or coffee ... and we get paid to do that.
The new reporting setup in SBS 2008 provides an awesome way, and an included one at that, to introduce a monthly billing structure to clients.
The SBS 2008 reports blow away what we receive from SBS 2003 because they include workstation status too. To repeat: All workstations on the network have their status published in the reports.
What better way than that to get going on introducing a proactive infrastructure management setup with the client.
How can you beat that? License System Center Essentials 2007 ... or other MSP product ... when a good portion of the shop's clients are online with the proactive monitoring. And with this type of setup, the value of the service increases, so too does the revenue stream!
After all, we are already receiving the SBS daily status report e-mail are we not? If not, then that is a business opportunity and steady revenue stream being missed!
The next step: Adding services such as ExchangeDefender and AuthAnvil and more to further develop the services repertoire. From there, it is backup rotations, off-site storage, and whatever service we can dream of.
The sky is the limit ... we need only get out of our break/fix box and head on up! :)
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca/
Sent from an SBS integrated Windows Mobile Phone.

SBS 2008 - Top 10 Wow and Top 10 Learning

Susan talks about her top 10 Wows for SBS 2008: The top ten wow's of SBS 2008 as inspired by a blog post by Dana Epp: Top 10 WOW Features on SBS 2008 which will make me switch from SBS 2003.

For those of you who have heard me talk about SBS 2008, you know I am pretty excited about it ... just ask Constanza and Satish! ;)

There are two aspects to the Wow: Features and Learning.

The SBS 2008 features not necessarily in order:
  1. Security: The simplicity of adding a third party certificate makes managing Remote Web Workplace access, Outlook Mobile Access, and Outlook Anywhere access a dream. A huge time savings for our clients and us.
  2. Security: The new Windows Server 2008 Event Log setup allows for finely tuned filters and things like e-mails being fired off when a certain event happens.
  3. Security: NAP ... NAP ... NAP! Yeah! Talk about the killer app for tightening up that ship! No more rogue systems that are unpatched and have out of date A/V or no A/V at all!
  4. Terminal Services Application Serving: Lots of goodness here ... first place we will go with our setup is publishing our book keeping to eliminate the need for a dedicated RDP desktop! We can see so much potential for our clients here ...
  5. SharePoint V3: The more we use it the more we want it! Top it off, between CompanyWeb SPv3, Windows Vista, and Office 2007 integration we are talking about serious workflow streamlining here!
  6. Mobile Access: Getting ISA off the same box means no more fights with Windows Mobile Exchange integration!
  7. Group Policy: The new Win2K8 OU/GPO structure along with Preferences and so much more give us such a great amount of flexibility and granularity when it comes to setting up our user and computer environments!
  8. Security: The integrated Windows Firewall gives us a breath of fresh air ... no more third party apps breaking things or completely cutting our servers off from the world on install or updates.
  9. Security: ForeFront and Live OneCare for Server: A one source, one stop shop for our server and client protection needs. Just check out the number of AntiSpam and Block List updates we receive in a day! Microsoft looks to be getting on top of their game when it comes to server/client malware protection.
  10. Management: The splitting up of the SBS Consoles is refreshing. The Windows SBS Console is the console we will be using the most. It is simple, has an at-a-glance status page, and enables us to access needed features quickly and simply. Very refreshing. We also get the Windows SBS Native Tools Management Console with the native server component snap-ins for those times we need to get granular.

I don't know about you, but one of the things I really enjoy about our industry is the constant challenge to learn new things ... to stay on top of the products and technologies we work with.

With the advent of so many different products, it has forced me to make a choice: Remain a Jack of all Trades and Master of None, or focus in on something and get really good at it.

I am pretty sure the choice I made is fairly obvious, though I am no where near as good at working with the SBS product as others are ... yet! ;)

Top 10 things to learn on SBS 2008:

  1. How to publish a TSApp through the Remote Web Workplace!
  2. Windows Server 2008 Group Policy changes and implementation structures ... especially the Central Store. Jeremy Moskowitz's books on the table for this one.
  3. Figuring out the XML structures for customizing things like the SBS Console itself or custom alerts.
  4. Network Access Protection (NAP): Learning the ins and outs along with tying it into existing SBS 2008 features.
  5. SQL Server 2008: Database migration techniques for existing LoB applications. Maintenance and Disaster Recovery.
  6. Deployment: Windows Server 2008 setup techniques. Especially Windows Deployment Services for working with Win2K8, SBS 2008, and Vista WIM image deployments.
  7. SBS 2008 Migrations: We are getting ready to migrate our own SBS 2003 R2 Premium setup to SBS 2008. We already have the stand-alone ISA box in place and waiting for production. Going to be the big one! :)
  8. IPv6. At some point we need to sit down and learn this one ... soon!
  9. Pass the SBS 2008 Exam! Not too sure about the status of the Beta I wrote three weeks ago.
  10. How to design a SharePoint Web site from scratch without breaking the whole thing in the first place!
Those are the ones that come to mind at this point. There are a lot of SBS features that are pretty neat and need to be learned.

Another side to SBS 2008 for us: It will be the best way to setup our hosting environment for SPLA. The ability to limit on a per user basis what network resources, features, or desktops a user can access when the log onto the Remote Web Workplace makes this product perfectly suited to providing hosting services for small companies that do not want to spend on a network setup.

The bar was high with SBS 2003, it certainly has been raised with SBS 2008. Good on you SBS Team!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Exchange 2007 Update Error - Insufficient privileges to modify this file

To get rid of some log on failures caused by Exchange 2007 on SBS 2008, we are trying to apply Update Rollup 4 for Exchange Server 2007 Service Pack 1.

This is so we can implement the SBS Custom Report Alert we setup for user log on failures.

After figuring out how to create the custom report alert, we copied it into the correct directory and restarted the Windows SBS Manager service.

Pretty soon we were seeing the log on failure in the Windows SBS Console flagged in the Network Essentials Summary under Other Alerts.

But, the log on failures were not our own purposely wrong log on attempts, they were a hiccup in the Exchange 2007 setup ... and there were lots of them!

Every time we ran the .MSP file, we received some sort of funky privileges error:

Installer Information
The installer has insufficient privileges to modify this file: C:\Program Files\Microsoft\Exchange Server\RelNotes.htm.

Change the file permissions to Everyone with Full Control and run the installer again, and another file would hang the setup process up. Well, it is one thing for a simple .HTM file to have this problem, it is another thing altogether to see system files have the problem.

So, given that we are in a bit of a learning curve here, the first thing to do was to search for the error. Nothing ... nadda ... zippo ... zilch ... you get the picture. ;)

When we were initially installing Windows Vista workstations on our SBS 2003 domains, we needed to right click on the IE icon and "Run as Administrator". Well, in SBS 2008 we right click on the Rollup 4.MSP file and we were not offered that option. We needed to find another way to elevate.

To try another tact we did the following and it worked:

  1. Click on the Start button.
  2. Type: CMD but do not hit [Enter].
  3. Right click on the CMD that comes up in the search results and click on Run as Administrator.
  4. Navigate to the Exchange update directory.
  5. Type the name of the file including the extension and hit [Enter].
  6. Follow the setup prompts.

Sure enough:

Setup Wizard for Update Rollup 4 for Exchange Server 2007 Service Pack 1 (KB952580) Completed

Note that the Rollup did require a reboot.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 21 October 2008

DCPromo Error - Unable to convert computer account NewDC$

We are facilitating a Swing Migration in the Eastern US for a new client by providing phone support and feedback to the local I.T. professional who is doing the actual Swing.

When promoting a domain controller into the existing SBS domain they received the following error:

Operation Failed

Active Directory Wizard was unable to convert the computer account NewDC$ to a domain controller account. Access denied.

We have not encountered this error on any of the Swings we have done to date.

A quick search turned up the problem:

Working with the I.T. professional we discovered that the policy setting for Enable computer and user accounts to be trusted for delegation was blank.

This is what the policy setting in the Default Domain Controllers GPO should be out of the box on one of our SBS domains:

Enable computer and user accounts to be trusted for delegation

Now, something to keep in mind when making any changes to these types of policy settings: Do not click the Add User or Group button and type the name of a user or group then click the OK button.

Take an extra step or two to make sure that the proper Active Directory object is selected:

  1. Click the Add User or Group button.
  2. Click the Browse button.
  3. Type the name of the user or group. In this case we will use administrators.
  4. Click the Check Names button.
  5. A successful query will underline your user or group thus confirming the correct object is selected. Any other possibilities and you will get a "Which one do you want" type prompt.
  6. Click OK.
  7. Click OK.
  8. Click Apply and OK.
  9. Click Start --> Run --> GPUpdate /Force [Enter]
  10. Check the SBS App Log for the SceCli information Event ID 1704 indicating a successful replication.

You can then rerun DCPromo on the problematic server. Make sure that Windows Firewall service is disabled on the soon to be DC!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Connect Computer failed - Multiple connections error

While setting up an XP Pro VM on one of our SBS 2008 lab domains, we received the following error:


Connect Computer Error Details
Connecting to the network

Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again

In this particular case, we needed to install .NET 2.0 on the XP Pro workstation prior to running the Connect Computer wizard. This particular lab based SBS 2008 has a connection with the Internet, so .NET was downloaded to the server first.

Explorer was opened and file://ss-sbs/Company was typed into the address bar to get to the install file.

Once authenticated, .NET 2.0 installed, and the Connect Computer ran via the http://connect/ site.

This error came up after all of the inputs in the Connect Computer wizard and we clicked the Restart button at the tail end of the process.

The error is similar in nature that one will get when renaming a workstation on a domain if there were mapped shares or connections to an SBS server share when making the rename attempt.

Open a command prompt and do a net use [Enter] and we see a connection that has been disconnected:

The Net Use command gives us a clue

Even though the status of the shared folder connection is disconnected, there is still something happening in the background.

Run net use * /delete [Enter] and sure enough we are asked to disconnect that connection.

Rerun the Connect Computer wizard and it will run successfully.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 20 October 2008

Blog Talk Radio- On Being Professional as SMB Consultants this Friday

Stuart Crawford hosts a regular discussion on Blog Talk Radio called Small Business IT.

This Friday, Stuart will be hosting:

We are going to talk about small IT shops and professionalism. How do we maintain professionalism and what do we do when we encounter IT consultants who do not operate in a professional manner.

The chat should be about an hour long. So, if you have an hour to spare, have a listen!

Here is the registration link: Being Professional as SMB Consultants.

UPDATE: Show is at 10:00AM Mountain.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBSC - Winning with Windows Vista Webinar

As much as the perception, and in our opinion it is a perception, of Windows Vista has been somewhat negative, we have had great results with Vista on a number of different fronts:
  • Group Policy
  • Search
  • Security

We have an upcoming exclusive Small Business Specialist Community Exclusive Event that is focused on Windows Vista and I will be providing some of the feedback on our Vista related experiences.

The LiveMeeting: Winning with Windows Vista on October 29, 2008 at 14:00 Eastern.

Like or don't like Windows Vista? Now is your opportunity to give voice to those experiences.

Some of the points to be covered in the Webinar:

  • Learn about the journey of Windows Vista since launch and get the facts that will prepare you for your SMB customer conversations.
  • Find out about the programs and investments Microsoft is making to drive Windows Vista in SMB, including an update on a new offer called Windows Vista Small Business Assurance.
  • Discover the resources and tools available to support you in landing Windows Vista with your SMB customers.
  • Hear from another SBSC partner about successful strategies for getting SMB customers to adopt Windows Vista.
  • Learn about Windows Vista and how it can help your customers.

Note the fourth point! That is where all of us SBSCs can chime in! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 18 October 2008

SBS 2008 - The built-in DDNS service Canadian considerations

Susan draws attention to the new Dynamic DNS setup in SBS 2008: Dynamic DNS service on SBS 2008 under the hood.

Essentially, for those who have worked with tzo.com or our favourite no-ip.org, the Dynamic DNS (DDNS) service will "automatically" redirect a DNS A record to a dynamic IP no matter what the ISP assigned IP is. Thus the name "Dynamic DNS".

A number of years back these services were very common and used a lot as ISPs back then only offered static IPs with their very expensive business class services.

Around the same time in Canada, ISPs began to flush businesses out of consumer grade service plans into business grade service plans. At the business plan entry level, things were essentially the same as the consumer grade plan, but the ISP could charge more for the service. Static IP plans were still not the norm and quite a bit more expensive.

In the last couple of years, Canadian ISPs have been offering "Server" class plans with one or more static IPs assigned to the customer at a very reasonable rate.

So, in our case, we migrated our clients over to our favourite ISP Nucleus to get a true static IP setup, some pretty good upload/download speeds, and great service.

With the advent of high volumes of spam being spewed from compromised consumer systems, people running servers on dynamic IPs, and other reasons our Canadian ISPs have moved to block all inbound traffic to those customers with dynamic IPs.

What does that mean? It means that all of the standard ports for inbound traffic are unavailable:
  • SMTP port 25
  • HTTP port 80
  • HTTPS port 443
  • POP3 port 110
  • TELNET port 23
  • FTP port 21
  • SSH port 22

Gone are the days where people would run FTP and HTTP servers on their consumer grade Internet connection.

ISPs have even gone as far as limiting business "server" grade services to residences without proof of business operations.

So, what does this mean for us? It means that part of setting up a client's SBS 2003/2008 office is to do due diligence with the ISP they may already have, or potential ISP if it is a new office or business.

Verify if the ISP does indeed block critical services inbound traffic on the ISP's service plan the client may be on or want to sign up to.

The ISP may also restrict outbound traffic for the various server services, especially e-mail SMTP. Make sure to investigate the ISP's policy on outbound traffic too.

At least in Canada we know that if we sign our clients up with ISPs that have a "server" class service no restrictions are in place.

Also, keep in mind that services like PPPoE may cause headaches with inbound traffic.

Also, one of our national ISPs here, there may be others, use a MAC address registration system to "secure" their networks. If there is a need to bind more than 1 static IP to the same NIC on your gateway server or appliance make sure to verify that your client's ISP uses true static IPs and not DHCP reservations with no ability to bind more than 1 IP to a NIC.

The MAC address situation has been a plan buster many a time due to an inability to move to another ISP.

As always, "Buyer Beware" ... due diligence is necessary to guarantee things will work as they should.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 17 October 2008

DIY's rope got long enough...

The proverbial straw that broke the camel's back:

DIY's billing for extra time where the client contact knows their arrival and depature times.

The suspicion flag getting raised: Selling as new what turned out to be refurbished Tier 1 systems. They were found out when one of those systems almost immediately failed and Tier 1 indicated it was already a refurb.

DIY initially refused to support it or even take it back. The legal flag was raised along with the cancelling of the cheque for the system. They relented and gave a full refund.

So, here we are.

Not only are things an utter disaster on their network, DIY was taking them for a ride and they were none the wiser ... At least until they hired their current office admin. She fortunately has enough computer experience to get the idea that things were amiss.

There is no substitute for a knowledgeable user!

She has saved them from the brink of utter disaster ... The possible toal loss of their organization's data and existence.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.

Dangerous DIY and Group Policy

More...

A domain level stand-alone GPO to run a script that does not exist.

A huge set of software restrictions in the default domain GPO with an Everybody scope.

It is a wonder that things have been running with this person managing their network as long as they have!

Wow.

A little bit of reading and a lot of formal training, or a lot of reading with a little formal training tied into running a lab to experiment and learn goes a long way to doing things right the first time.

There is no replacement for experience and mentorship!

Best Practices Analyzers! There is a very good reason or them.

With our client's businesses literally in our hands, we cannot afford to take our responsibility lightly.

We can never ever sit back on our laurels and say we know enough. The moment we do that, we and our clients are potentially toast.

Ugh! What a mess.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.

Dangerous DIY - "Knows what they are doing"

The entire life of a non-profit hanging by a thread:
  • No reservation for the server IP = .100!?!
  • DHCP set to infinite lease time.
  • DNS IP in DHCP pointing to a workstation IP.
  • DNS ISP settings in the internal NIC DNS Servers setting.
  • DNS not set to update from DHCP (that is pretty obvious as to why).
  • Roaming profiles setup with improperly set ACLs and share permissions.
  • Backups nonfunctional despite the assurance that they were running properly.
  • Workstation permissions messed up.
  • Printers set to static IPs with no reservations in DHCP for those IPs = lots of "I can't print" complaints.

There is just so much that is wrong here ... :(

This is the image used to explain what we are finding:

Someone has gashed their arm with an axe and the person who "fixed" it used a thousand band aids.
We will be installing a new SBS server here. And, given the frightful mess, we will be starting from scratch.

Hopefully we will not have to fight with Group Policy Tattoos and other problems carrying over from the existing 25+ workstations!

*sigh*

There is nothing more dangerous to the entire livelihood (20+ years on the edge of going down the toilet in this case) of an organization than a combination of arrogance and "I know what I am doing".

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Thursday, 16 October 2008

HHR SS has arrived! :)

The HHR Panel SS finally showed up!

We picked it up last night, I read through the manual then and this morning, and now am readily prepared to pilot the new ride!

Some neat surprises for 2009:
  • Seamless Bluetooth integration with steering wheel controls and voice command to digit or name dial the cell phone.
  • USB 2.0 port to plug a flash drive in with some MP3 or WMA tunes, the Apple player, or others.

The fit and finish is excellent. Not a spec nor are any of the lines out of alignment. Everything is crisp and clean.

Indeed, The General has come a long way on their quality and quality control.

A pic or two to follow ... when there is a little time!

Thanks for reading and for your support! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Wednesday, 15 October 2008

Business Contact Manager - Recovered MDF and LDF

Our previous post: Business Contact Manager - Recovery via *.mdf and *.ldf only.

We just spent the afternoon working on a Business Contact Manager recovery for a new client that was not comfortable with getting things to run.

If you need help recovering your databases, please drop us a line: BCM Recovery.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Physical and Virtual Product Keys

For those of us on TechNet, MSDN, or soon to be Open Licensing, we will see that there are two sets of product keys we are given to activate the server:
  1. Physical: This product key will be bound to the physical hardware the server OS resides on.
  2. Virtual: This product key will activate the OS, but not require reactivation if memory, CPU cores, or any other virtual hardware configuration is changed.
Microsoft KB949748: Description of the changes that were made to the product activation process for Windows Server 2008 in a virtual operating system environment.

The virtual product keys apply to server OSs only and will be provided with Fully Packaged Product and OEM product. In the case of OEM product, there are some restrictions on preinstallation.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Antec Skeleton - Wow neat niche

Came across this one on Slashdot: Antec Releases "Skeleton" PC Case with a link to an ExtremeTech article: Antec Skeleton Open-Air PC Case Review.

Wow ... what a neat idea:



Antec Skeleton

The image comes from Antec's site.

The first place this case can be used is for our data mule system here in our shop:

MPECS' Data Mule System

Currently there is an Intel DQ965GF with an Intel E6600 Core 2 Duo CPU installed running Windows XP for data tool compatibility. Notice the cables and essentially little organization around the system.

That is an old Compaq desktop case cover that everything is mounted to.

The system is setup in such a way so as to provide us with the ability to hook up 11 SATA drives to the system for backup, recovery, or DoD erasing needs.

Availability on the Skeleton is limited as of yet here in Canada, but once we can get them, we will be sure to put one on order.

Neat "case". :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Tuesday, 14 October 2008

SBS 2008 - ForeFront and Exchange Enterprise AntiSpam and BlockList Updates

Anthony and I have been having a good discussion over this particular topic: SBS 2008 - WSUS Synchronizations and Exchange.

The updates showing up in WSUS and being automatically approved are indeed the Enterprise level AntiSpam and BlockList ones.

So, for clarification, an e-mail was sent out to our favourite SBS Team Member Sean Daniel, and this is his reply:

This is my understanding of how all this works. Exchange is definitely weird, because all of the “Enterprise” stuff is in there, but you’re not licensed to use it all, without Enterprise CALs and PIDs.

So, with Exchange 2007 std, you have rights to download spam updates every 10 weeks or so via MU only. With the addition of FSE license, that gives you the right to override the 10 weeks and enable the automatic updates, this happens a few times a day.

Now, the details:
a) WSUS is configured for once a day, so the anti spam service is checking and checking, but will only get updates once a day. I think you’ve got this part
b) If FSE expires, the EULA says you have to disable the automatic anti-spam updates.

So I believe the short answer is, as long as you have FSE, you’re eligible for daily updates.
Pretty neat eh? We SBSers get to sneak under the wire on the licensing of those updates with ForeFront installed and licensed! ;)

So, the earlier blog post recommendation of changing your WSUS synchronization schedule still applies!

Thanks to Sean Daniel for taking the time to get back to us!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

The death of WiFi and simple WPA/WPA2?

We have been very leery of wireless for our clients that have specific data security requirements.

We have advised from day 1 that wireless is not recommended for these kinds of client environments:
  • Law Offices.
  • Accounting Offices.
  • Health related services.

With the ability to crack WEP security in seconds, it was only a matter of time before WPA and WPA2 would be cracked, or at least compromised in some way.

When we received questions about wireless as far as our no wireless policy, we point out that wireless was nowhere to be found at our banks here in Canada, government offices, or other sensitive locations.

Well, to some degree it looks as though we may be vindicated:

Utilizing 20 consumer grade systems with a pair of GeForce GTX280s in each system the software the researchers were using brings the WPA/WPA2 cracking from a magnitude of years down to days.

The cracking process is focused on static ASCII type keys at this point. That type of setup is pretty much the bulk of the SMB market since many have not or cannot implement some sort of Enterprise grade RADIUS setup.

Have a look through the above article's comments. Some of them are very informative on both securing wireless as well as other methods available to crack wireless.

For now, we will continue to err on the side of caution in certain sensitive data situations.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - OEM Preinstallation Kit Available

Susan gave the heads-up: Windows SBS 2008 OPK and User's Guide Now Available.

You must be registered on the Microsoft OEM site in order to get to the content.

The OPK download is a .img file running 1.4GB. You can rename that extension to .iso to burn the DVD. We use the freeware product CDBurnerXP.


Customize SBS 2008 and install via 3 methods

While the SBS Answer File can provide a simple installation structure for smaller shops, Windows Deployment Services and a large data store will be the way to go for larger shops that need to customize the images based on what is installed or not on SBS 2008.

For similar server hardware setups, WDS gives us the ability to do a lot of the post OS installation tasks prior to creating the image.

The new WIM image format for Windows Vista, Server 2008, and now SBS 2008 gives us huge flexibility in the image delivery methodology, image customization, and image updating.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Monday, 13 October 2008

A Canuck Happy Thanksgiving!

Today is Thanksgiving in Canada.

We here at MPECS Inc. have a lot to be thankful for:
  • Family including the newest edition Jean-Luc.
  • Friends we can count on.
  • A robust business and many new opportunities.
  • People that work with us and we work with.
  • Our longstanding clientele.

There are a lot more reasons for us to be thankful for.

Happy Thanksgiving from our family to yours! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - Self-Issued SSL Cert Only Good for 2 Years

Remember when Sean reminded us about the coming SBS 2003 self-issued SSL certificate expiring? SBS 2003 was released around the middle of 2003, so, around the middle of 2008 there were to be some self-issued SSL certificates expiring.

Here is what the self-issued certificate in SBS 2008 looks like via the certificate management snap-in:


SBS 2008 Self-Issued SSL is good for 2 years

The fact that the certificate is only good for two years is important.

If a client decides against a third party certificate, then the network audit notes need to reflect the expiry date of the certificate. A reminder should be set in Outlook or client management software for a month or so ahead of the expiry to speak with the client about obtaining and installing a third party certificate.

Why third party? Because the need to have every non-domain joined workstation run the little SSL install routine could get to be quite expensive over time. And, getting a Windows Mobile device to run with the self-issued certificate may turn into a nightmare depending on the provider the device is connected to.

We use Comodo for our single SSL certificates and DigiCert for our wildcard certificate needs. They may not be the least expensive, but we get to talk to real people if we get into some sort of pickle.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

XP - My Taskbar Address Bar disappeared?!?

This is just plain silliness:

Let's stop and give this some very serious thought ...

After fielding a support call for this very "problem", it took a bit of searching to bring up the above links.

The move to remove the Address Bar availability for the Windows Taskbar in XP SP3, which is still available in Vista BTW, was apparently due to "antitrust" enforcement.

So, how many hundreds of thousands of users were impacted by this one little facet of an antitrust "settlement".

People who scream "Antitrust" and "Anti-Competitive" need to seriously look at the "products" that Microsoft is supposedly anti-competitive over. If a competing product does not make the cut, then people will not want it. If it will not do what people need it to do, people will not want it.

If the product is trying to do what IE already does reasonably well and people don't want to switch, then don't expect people to switch!

Then there is the real-world business situation that depends on IE functionality to keep their business processes flowing. What is next? Forcing the world's companies to drop SharePoint, Office 2007, Vista, and IE integration for some open source something or other that cannot even come close to the same functionality?

Those that make the anti-competitive claims should stop behaving like a schoolyard bully that has found a way to pick on someone bigger than they are because the bigger person will not or cannot hit back.

The same goes for Windows Media Player, Microsoft Paint, and any other product that is a part of any Windows OS that may be "grounds" for so-called anti-competitive action. If someone comes up with a competing product that does not cut the mustard, then why would there be some sort of expectation that people will switch to their product? Small Business Server definitely falls under this category too.

Ever hear of Skoda (different industry - really bad product), RealPlayer (can be argued either way, but we haven't seen a needed install in a long time), and others that tried but failed?

Every time an antitrust settlement is levied against Microsoft it impacts millions of users. It costs those users downtime. That downtime costs companies, hundreds of thousands of companies, money. That is the reality folks ... the so-called antitrust "winners" are really "losers" in the order of $millions.

On top of that, it costs Microsoft huge money to rework what was a really good product in the first place.

Look what antitrust did to the search functionality in Windows Vista RTM to SP1.

As a business owner, it amazes me that a supposedly "free market" looks to be the exact opposite: [Sarcasm] Somewhere, a draconian monster listens to the loudest squealers which then turns around and hits whatever company it wants with whatever "antitrust" measures it sees fit ... without counting the "real" costs of those measures. Some parts of the world are worse for these practises than others. [/Sarcasm]

A free market is supposed to be just that: The best product that provides the best value for the money wins. Manufacture a sub-par product, don't expect to get anywhere. Manufacture a great product but have lousy back end support and contact with the customers, don't expect to get anywhere either.

Make a product that meets a need in some niche market Microsoft can't touch and do it well, then expect to go viral! There are lots of examples in this category ... some of whom are beginning come under that antitrust "monster's" eye.

And finally, the old argument that start-ups, the small guy on the block, and new products can never compete with the 800lb gorilla in the room doesn't wash anymore ... not with the Internet and all of the avenues available to make that product known.

If the product rocks ... and the company behind it has their stuff together, it will run like crazy, go viral in an insane way, and eventually the company may get purchased by some multi-national that very well could be Microsoft!

And that is the key: If the product rocks, people will buy it ... they will want it.

Mimic, try to better the 800lb gorilla's products, or market a piece of fluff as the next big thing to capture angels, and reality will eventually set in at some point: That "killer app" will indeed be killed off.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Saturday, 11 October 2008

SMB I.T. Consultants and a vPro Based Lab

This is a cross post: Intel vPro Expert Center.

One of the things we advocate when mentoring new I.T. start ups is to take "Baby Steps" in their business building processes.

One of the critical areas that the new I.T. shop needs to build up is the lab.

A simple lab setup that has a relatively low cost, but provides excellent value is the following:
  • Intel DQ35JO
  • Intel Q6600 or Q6450 Core 2 Quad
  • 8GB Kingston KVR800D2N5K2/4G non-ECC RAM
  • 2x 500GB Seagate Barracuda in RAID 1
  • Antec Sonata or Minuet.
  • Intel PRO/1000 PF PT Dual Port Server Adapter

This is our base configuration. Quad Core gives us the necessary power to run a number of virtual machines with 8GB giving us the space to run at least one or two server OSs and perhaps one or two desktop OSs at the same time.

The host OS to begin with is Windows Vista Business x64 with Virtual PC providing for the virtualization needs. Down the road either Server Core with the Hyper-V role installed or the new Microsoft Hyper-V Server 2008 can provide the host foundation.

RAID 1 via the on board controller is a first step. The second, once the consultancy has grown some, is to install a second pair of 500GB Barracudas to open up the I/O bottleneck a bit with RAID 0+1.

Licensing would be covered by the Microsoft Action Pack Subscription to begin with. TechNet Plus would provide the lab licensing further on.

Why vPro? Because, a business is very conscious of every dollar being spent during the startup and early phases of its existance. Active Management Technology provides a simple but effective way to faciltiate reduced expenses.

While the DQ35JO may cost a bit more than say a Classic series board out of the box, those extra dollars are returned very quickly in two ways:

  • Power savings by having the lab system or systems off while not in use.
  • The consultant can fire up that lab system when they are not in their office.

The built-in hardware support for virtualization is also a key feature.

Microsoft Windows Small Business Server 2003 or 2008 provides an SSL secured remote access method to the internal network via the Remote Web Workplace.

The methodology is quite simple:

  • Log on to RWW as a domain admin.
  • Log onto the server via "Connect to my Server" link.
  • Use the Intel System Defense Utility to connect to the lab system and power it up.
  • Log off SBS and RWW.
  • Log onto RWW as the lab user
  • Connect to the lab system via the "Connect to my computer" link.

Once logged onto the lab system's desktop the consultant is good to go with whatever tasks they are looking to test on the lab setup.

Prior to vPro and AMT, we were leaving our lab systems online all of the time. We had to, as there was no guarantee that the lab would be needed while on-site working on a critical issue. And, if a problem arose where the lab system had locked up, there was no way to power cycle the system.

For us, vPro and AMT just make cents!

UPDATE 2008-10-22: Adapter was the wrong model, and added the Kinston part number.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

SBS 2008 - WSUS Synchronizations and Exchange

Have a look at this:

Exchange BL and Spam Updates

The list of updates released in one day makes it pretty clear that our WSUS synchronization schedule needs to be set to more than once a day.

By default, we are setting all of our WSUS setups to sync 8 times a day or once every three hours.

That should be enough to catch most everything!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

Friday, 10 October 2008

Intel Solid-State Drives and data recovery

Intel Channel Conference: From the horse's mouth: Backup, backup, backup!

One thing to keep in mind as SSDs become more ubiquitous: The need to have backups is mandatory since data recovery from a failed SSD is an unknown or possibly impossible.

No more freezer method folks!

Note that we will be seeing more SSDs in laptops and workstations as we go along.

So, a backup strategy for those clients that begin using them should be in mind when quoting an SSD based system. Backups should be the first thing that comes to mind if a client contacts us after purchasing an SSD based system too.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.

Nehalem - Intel's next gen CPU architecture

The new architecture will give us a balance between performance and power savings.

Performance:
More cores! 4. 6, 8, and more.
Built-in overclocking ... Bin up 1, 2, or 3 on one or more cores to handle those demanding threads running on that core.
Memory controller built into the CPU.

Power savings:
Cores can scale back their power consumption.
More tasks accompished per clock cycle.

Looks like we will have some pretty neat stuff to help our clients reduce their power footprint all the while gaining performance from their servers.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
http://blog.mpecsinc.ca

Sent from an SBS integrated Windows Mobile Device.