Tuesday, 30 June 2009

Business Opportunities

There are always ways for us to develop new avenues for revenue in our business.

Over the last year or two since starting this blog, anything that came across as a possible revenue stream for our company was categorized as a Business Opportunity.

Have a look at some of the posts in the above category to get those creative business juices flowing.

The category has also been added to the list of categories to be found in the right hand column of the blog.

Thanks for reading! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Monday, 29 June 2009

Windows and Office Product Key Finder Utility

We have one our client’s partner systems on our bench right now. We sold them the system as well as the software licensing.

We were not expecting to do a full OS reinstall. But, we are replacing the original DP35DP motherboard with a DP45SG series board since we cannot get the system to run completely stable. Our client does not have the keys with them.

The reason for the replacement is that we put together an upgrade for this partner not too long ago and that upgraded system is almost identical to this one, running on the DP45SG, and does not spontaneously combust every once in a while like this one seems to.

We have a copy of the Windows Vista Ultimate SP1 retail DVD here along with the Office 2007 Enterprise Home Use Program disk that are required for the rebuild.

What we need though are the key codes for the products.

Enter the Magical Jelly Bean Keyfinder.

image

The key finder is an open source project and picks up the product keys for most Windows and Office products.

We save the keys to a text file on either a USB flash drive if there is only one partition on the system, or to the second partition just prior to flattening the system. Once we are done and the keys are back into the respective products, the text file gets wiped.

A ShadowProtect image is taken of the system before it gets flattened as well.

We keep a copy of the utility on our Technician’s Thumb Drive.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Help: I got hacked! Now what do I do?

For us, there are no other options: Flatten the system.

Jesper Johansson at Microsoft Security Management:

There are no guarantees when it comes to cleaning out a compromised system.

None … nada … zilch.

Thus, keeping a good, tested, and up to date backup is essential for getting the data back. Not recovering the complete system, just for recovering the data itself.

To date, we have only had a few one-off situations where the person with the compromised system did not want it rebuilt. In that case, we make it pretty clear, in writing, that there can be no guarantees that the system is clean after we have done our best to remove the offensive content.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Saturday, 27 June 2009

SBS 2008 – Create the Group Policy Central Store

One of the steps to reduce the storage requirements for Group Policy content as well as provide a central location for editing and managing Group Policy ADMX and ADM files is by creating the Group Policy Central Store.

Pages 342 through 346 in Jeremy Moskowitz’s Group Policy: Fundamentals, Security, and Troubleshooting have an awesome discussion of the Central Store along with a how-to.

We have both of this books as they are invaluable Group Policy resources.

Creating the Central Store is actually quite a simple process (make sure to Continue through any UAC prompts):

  1. Open Windows Explorer
  2. Navigate to the %windir%\sysvol\sysvol\mysbsdomain.local\Policies folder.
  3. Create a folder called PolicyDefinitions.
  4. Depending on the SBS 2008 server’s locale, create a subfolder for it. In our case that is en-US (not a necessary step due to the following copy process, but just in case).
    • image
  5. Open another Windows Explorer window and navigate to one of the Windows Vista machines with the most current service pack: \\MI-MyMachine\C$\Windows\PolicyDefinitions
  6. Copy the contents of the Windows Vista folder into the PolicyDefinitions Folder on SBS 2008.
  7. Open the SBS Native Tools Management console.
  8. Open the GPMC snap-in.
  9. Click on any GPO that has settings in the Administrative Templates section.
  10. Click on the Settings tab in the centre pane.
  11. Click on Show All.
  12. Note the location of the ADMX files.
    • image

Once the Central Store is in place, the only real maintenance is to make sure to copy the contents of a Windows Vista or Windows 7 PolicyDefinitions folder back onto the server to catch any new GPO content.

Please pick up Jeremy’s books to get further details on the Central Store and its benefits for the SBS 2008 domain.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Friday, 26 June 2009

Windows Vista Service Pack 2 Breaks Lacerte 2008?

When starting Lacerte 2008 this morning, this is what the user would see:

image

Now, this particular network is a homogeneous SBS 2008 and Windows Vista network.

Since we deliver a restricted domain user account to all of the Windows Vista workstation’s local Administrators Group by Group Policy Preferences, we are able to use Run As Administrator on the shortcut for Lacerte 2008 while logged in as a Standard User.

When we do, we received the following error:

09-06-26 Lacerte 2008 - Run As Error - Not Legal Path Name

Click on the OK button, and try and navigate to the UNC:

09-06-26 Lacerte 2008 - Run As Error - Not Legal Path Name - 2 Find Path 

When we tried that either running as the user account or via the Run As Administrator account we would receive the same error.

Logging for dropped packets is enabled on all workstations for all three firewall profiles. The Windows Firewall with Advanced Security log showed no dropped packets when trying to run Lacerte 2008.

Since every user was experiencing the same thing, either one of three things has happened:

  1. A change was made at the server since all of their Lacerte data resides on it.
  2. A change was made at the workstation.
  3. A change was made in the program itself.

Since we manage this particular server, we know that there were no changes made between yesterday and today as Lacerte 2008 ran fine yesterday.

When asked about whether Lacerte 2008 took any updates yesterday, the users indicated that none were applied.

That left the workstation:

image

The Windows Vista Service Pack 2 was installed via WSUS delivery last night.

After troubleshooting the setup on an available workstation, we rebooted the workstation to make sure that any changes made by the service pack were not causing any problems.

Once the workstation came back up, Lacerte 2008 started up just fine.

Something in the WSUS delivered Windows Vista Service Pack 2 did not take properly, or the system did not reboot itself as necessary once the update was applied.

We have a batch file on the server’s desktop with the following content for each workstation on the domain:

  • shutdown –r –t 90 –f –m \\MI-Workstation01
  • shutdown –r –t 90 –f –m \\MI-Workstation02
  • etc…

We made sure to warn them ahead of time via a phone call to the office administrator that we were initiating a reboot of all workstations on the domain.

Once all of the workstations had rebooted, they all had their Lacerte 2008 back.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Windows 7 – Remote Desktop Multi-Monitor Goodness

The TS Gateway service allows us direct access to our desktops.

The new RDP version allows us to /mulitmon to use the two monitors we have connected to this workstation on the remote desktop:

image

Here is a list of the new RDP version’s command line switches:

image

Just remember that the TS Gateway service does allow for direct connections to any TS enabled system inside the SBS network. As a result, it would be a good idea to look at AuthAnvil by Scorpion Software to provide another level of authentication protection.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Thursday, 25 June 2009

We Are Only As Good As Our Word

It is an old cliché, yet, it rings very much true for us today.

Our client’s time is extremely valuable. Since we deal with SMB, our primary client contacts tend to be the business owner or one of the partners in the firm.

So, when we make a commitment and are unable to keep it, and that commitment causes our client to lose time or face with their clients, it costs them ... and at times it can cost them dearly.

Thus, it is important to follow through with our client when we have made a commitment to provide products and/or services.

A simple phone call well ahead of time to let them know that things are not working out as planned is critical to maintaining a level of trust between us and our client.

If the situation warrants it, we need to have a backup or contingency plan in place to make sure they can follow through on the commitments they have made to their clients based on the soon to be provided product or service.

In the long run, it is our experience with the products we work with and with the suppliers we rely on that enable us to provide a fairly accurate assessment of the timeline for a project.

When we put a solution together, we make sure to provide a buffer of time to cover for things like no stock on products or the need to work out licensing structures for software.

When working with existing networks that have had other folks managing them, there needs to be a time buffer in place to cover those unforeseen situations that are bound to crop up and throw the project time budget into the red. This is especially true with SBS 2003 to SBS 2008 migrations.

With this understanding, we can be faithful to our commitments providing the products and services we said we would at or below the cost we quoted for.

With the Cloud looming, and I.T. becoming more and more a commodity to business owners, we can take the above knowledge, experience, and reputation and use them to develop new directions for our business relationships.

And one other thing: the commitment goes both ways.

When suppliers or others we work with on a regular basis continually make promises to us and fail to follow through on them, we will be not so inclined to rely on them for future business needs.

Our Word is our Gold.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Outlook and Exchange – Send/Receive Settings Verification Needed

In most of our client sides we deploy Office 2007 via Group Policy as our corporate clients are on Open Value Agreements and most of our non-profits are using TechSoup for theirs.

When we run the Office 2007 setup.exe /admin [Enter] from the command line to create our MST file, one of the things we make sure to do is to customize the send/receive settings for the Outlook client.

By default, we prefer the Send immediately when connected setting not be checked for those, “oh oh, I missed something” moments where the user wants to get back into that e-mail and make changes:

image

After clicking the Send/Receive button in the above screenshot we are presented with:

image

Out of the box, the default Send/Receive time cycle is 30 minutes. When creating the MST file we make sure to set that to 5 minutes. Though lately, we have needed to make sure the newly set up client has the correct time interval settings.

For some reason, the default 30 minute Send/Receive cycle has been the setting in the user’s Outlook setup out of the box.

Now, for the critical setting:

image

Besides the Send/Receive setting not being the 5 minute interval, the Include the selected account in this group check mark has not been checked for the Microsoft Exchange account.

What we have been seeing is the Send/Receive immediately setting enabled, the above Microsoft Exchange account group not checked, and users calling us to ask why their Public Folders content was updating on everyone else’s system but theirs!

So, we now take a quick check to make sure that the above settings are indeed in place before handing the system, or new network profile, over to the user.

One other area we will be investigating is Group Policy management for Office 2007 settings as we get settled into the new GP setup in Windows Server 2008/SBS 2008. Once we have the Group Policy Objects in place, we will make sure the settings are in place for all of the SBS domain clients.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Dell Default Server Partitioning Scheme – SBS Installers Beware

This is the default partitioning scheme that we encountered via a support call with someone having problems with their SBS 2008 install:

image

If the factory OEM install was used, or if the Dell preparation utility disk was used and the utility was allowed to install the Dell Utility Partition, the above is what we would end up with.

In our case, we always flatten the RAID arrays and start fresh without the utility partitioning schemes and set up our default partitioning for SBS 2008 (SBS 2008 Setup Checklist post).

The catch with the setup above is that the SBS 2008 Backup will fail out of the box. That FAT32 partition will break it.

Using the Diskpart command we can convert that partition to NTFS and at least get the SBS 2008 Backup to run successfully.

In the end, the above leads to a messy partitioning scheme along with the possibility of causing problems in the event of a failed RAID array.

We prefer to keep things simple. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Wednesday, 24 June 2009

The Public Folders are Disappearing Myth

Indeed, it is a myth. From the Microsoft Exchange Team Blog:

We work with a number of Line of Business Applications (LoB) that develop a good part of the collaborative features on top of Exchange Public Folders.

In our experience trying to migrate some of these LoB application collaborative features over to either the Companyweb site or a dedicated SharePoint site on SBS we have seen some very strange behaviours in the apps once resident in SharePoint.

In our experience, there is a functionality in the Public Folder setup that does not seem to be there in SharePoint.

So, when a LoB requires Public Folders, we set up the prerequisites in Exchange and then install and configure the LoB app.

The Guidance post above has a good grid to provide us some direction in the decision making process between Public Folders or a SharePoint list or library.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

SBS 2003 to SBS 2008 Migrations – Folder Redirection Caveat

Once the Folder Redirection policy has been enabled in the SBS 2008 Console, a GPO linked to the SBSUsers OU will be configured with the appropriate settings to redirect the selected folders.

In the case of a migration, to eliminate a lot of post migration problems with user profiles that only occasionally connect, it is a good idea to remove the following settings in the new GPO after enabling folder redirection on the new SBS 2008 server:

image

  • Grant the user exclusive rights to Documents.
  • Move the contents of Documents to the new location.

David Moisan (blog link) made the suggestion in the comment section of our SBS 2003 to SBS 2008 Migration Guide (previous blog post).

He also suggested, and we will also be doing, that once the settings are in place after a GPUpdate /force, that we manually move the contents of the SBS 2003 Users folder to the new FolderRedirections folder for the user profiles to find there.

Now, note that in the SBS 2008 Console, even though the check marks were originally there for Desktop and Documents, they disappear when the top two check marks are removed in the actual Small Business Server Folder Redirection Policy GPO.

image

Also, make sure to disable those two settings on the legacy SBS 2003 folder redirection GPO so that there is no confusion until it is deleted near the end of the migration process.

Thanks David for your excellent suggestions! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Tuesday, 23 June 2009

SBS 2003 to SBS 2008 Migrations – Time Service Status are Critical!

In our SBS 2003 to SBS 2008 Migration Guide (previous blog post) one of the source SBS 2003 server preparation steps is to make sure the time service is correctly synchronized with an outside time source.

From the Migration Guide (currently at Step 14):

  1. Run the server time setup step.
    • w32tm /config /syncfromflags:domhier /reliable:no /update [Enter]
    • net stop w32time [Enter]
    • net start w32time [Enter]

When booting up the SBS 2008 box for the first time, it is also critical to verify that the time setting in the server hardware’s BIOS is close to the source SBS 2003 server’s time as well.

There are so many problems that can arise and kill the migration process if the two server’s timing is out by more than 5 minutes or the source SBS 2003 server has a malfunctioning or not functioning time service.

Also, make sure to run the SBS 2003 Best Practices Analyzer!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Monday, 22 June 2009

Windows 7 RC on Tecra S1 Laptop – Memory Upgraded to 1GB = Wow!

We had installed Windows 7 Release Candidate on an older Toshiba Tecra S1 with 512MB of RAM (previous blog post).

We dropped another 512MB of RAM into the laptop this afternoon.

Here is what the Task Manager looks like with the extra leg room:

image

The following applications are open:

  • Outlook 2007 minimized to the Tray.
  • Word 2007 with one document minimized.
  • Internet Explorer 8 with 4 tabs open.
  • Windows Live Messenger
  • Windows Live Writer
  • One RDP session to a client SBS 2008.
  • One Windows Explorer connected to a remote Company SharePoint site.

Here is the memory footprint:

image

That extra 512MB of RAM has impacted the laptop’s performance significantly!

Now that there is virtually no swap file action happening, things move along a lot smoother.

With only 512MB of RAM installed into the laptop, things were grinding away too slowly.

So, a Pentium M laptop of any flavour with 1GB of RAM would work out to be a very good field laptop for our technicians.

Even a power user could use this setup with minimal impact on their performance … depending on what they needed to do of course! ;)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

30% Exam Voucher is Gone

We have given away the exam voucher (previous post).

Thanks to all of those who expressed an interest!

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Friday, 19 June 2009

30% Off Microsoft Certification Exam Voucher

We have a 30% off voucher for taking a Microsoft Certification Exam that expires at the end of the month.

It is a bit short on notice, but if anyone is looking to schedule and take an exam before June 30 and would like a discount, please e-mail me and I will forward it to you immediately.

Thanks for reading! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Tuesday, 16 June 2009

SBS 2003 to SBS 2008 Migration Guide OOPS!

Ack! I miss keyed … and somehow managed to post the guide before it was ready in Windows Live Writer.

Post has been deleted on the blog, though RSS will have it for now. To avoid confusion, I suggest deleting the post from your readers.

The complete guide will be finished hopefully later this afternoon.

My apologies …

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Monday, 15 June 2009

Windows 7 UAC IS Broken – Video Proves It

We posted about our concerns with the possiblity of the Windows 7 UAC setup being broken: Windows 7 UAC is Broken?

Well, the authors of that blog post have gone on and demonstrated the vulnerability in a video:

After watching that video, there is no real reason for an SBS domain to have the UAC setting in Windows Vista turned off and Windows 7 UAC slider turned down.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Saturday, 13 June 2009

Office 2003 Won’t Uninstall when Deploying Office 2007 via Group Policy

After verifying that the workstations we have upgraded to Windows Vista Enterprise took the operating system without errors, we initiated an Office 2007 Professional Plus deployment via their SBS 2008 server.

In this case, we ran into a bit of a struggle with the existing Office 2003 setup.

In this particular network, the client was migrated to SBS 2008 via the Microsoft method about a month ago. The SBS 2003 box has since been repurposed.

For some strange reason, the Office 2007 install routine was not removing Office 2003 which is its default behaviour.

We were able to make sure that our Group Policy deployment was functioning as it should because one of the 9 workstations refused to upgrade to Windows Vista Enterprise (previous blog post) so we fresh installed the machine and it took the Office 2007 deployment without a problem.

When we tried to manually remove the Office 2003 install via Windows Vista’s Programs and Features menu, we were presented with a request for the PRO11.MSI file with the path pointing to \\OLD-SBS\ClientApps\Office2003Pro\PRO11.MSI.

So, out came the handy Windows Installer Clean Up Utility that we used to remove any reference to the Office 2003 install. From there, we removed the shortcuts in the start menu and ran a GPUpdate /force on the workstations.

After a reboot we were in business with the exception of one workstation where the Clean Up utility was run after Office 2007 was installed on it. Outlook was taken out by the utility so we needed to run the Office repair to fix it.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

XP Pro to Vista Enterprise In-Place Upgrade Error – Workstation Reboots

We are in the process of concluding a project for one of our non-profit clients upgrading their Windows XP Professional workstations to Windows Vista Enterprise with Service Pack 1.

One of the workstations refused to come back up on the reboot that takes us into the user name, password if any, computer name, and network type. It kept getting into the Windows Vista boot cycle to the point where the screen would go black just prior to the first question screen.

After watching the system do this for a couple of cycles, the one thing that seemed to be happening all the time was the optical drive light coming on solid just before the spontaneous reboot. The Windows Vista Enterprise DVD in the drive would not spin up though.

So, after trying to get into Safe Mode and being told that the install routine could not run in Safe Mode, we pulled the DVD just before the point where the light would come on.

The install routine kept happily humming along and eventually got to the requisite questions.

Here we are a number of hours later running the first round of WSUS delegated updates:

image

The troublesome workstation is not shown in this screenshot as it has seemingly started the update installs when we put it into a forced reboot cycle.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Friday, 12 June 2009

SBS 2008 – Printers Deployed to XP Pro x86 – Unable to Connect Error

We used our trusty PushPrinterConnections.exe setup in Group Policy (previous blog post) to deploy printers to a bunch of XP Pro computers on the SBS network we just migrated.

Two of the printers were the same model in two locations within the organization and kept complaining “Unable to Connect”.

Right click on the printers and we see the following:

image

Printer Properties

Printer properties cannot be displayed. Windows cannot locate a suitable printer driver. Contact your administrator for help locating and installing a suitable driver.

Okay, so initially, nothing we came up with in our searches gave us a real clue as to how to get things working.

The ultimate clue came from Steve Rowe’s Blog:

Sure enough, open the x86 and x64 INF files for the affected printer and we see:

image

The top INF is the x86 (32bit) version and the bottom is the x64 (64bit) version. Note the difference in the printer name.

The top INF file is actually a copy of the original made along with an additional extension .PHL to keep it safe.

We tried to remove the “ XL” portion along with the “_XL” at the end of the various GPD strings but we would receive a “Not Digitally Signed” error when we did that.

Since the SBS OS is x64, we left the proper digitally signed “ XL” based driver and used the Print Management Console to load the x86 driver with a modified INF file:

image

Note the addition of the “ XL” in the name versus the previous screenshot along with the addition of the “_XL” at the end of the GPD string.

SBS 2008 still complained about the driver not being Digitally Signed, but since they were being delivered to x86 XP Pro clients we were not too concerned.

The main thing was we had the printers available to users once we deleted the old “Cannot Connect” printers and rebooted.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Thursday, 11 June 2009

SBS 2003 to SBS 2008 Migrations – Exchange 2003 Uninstall Step is a Must!

One of the last steps to conclude the migration process is to remove the Routing Group Connectors.

From there, it is absolutely essential that Exchange 2003 be uninstalled from the SBS 2003 server!

Make sure to have disk 2 handy for the Exchange uninstall as the files in the Exchsrvr65 folder will be requested during the process.

From there we DCPromo the old SBS 2003 box to remove Active Directory.

The SBS server we are working on has not had all of the redirected folders moved over to the new SBS 2008 box yet. So, we will leave it alone as a member server until early next week when we will Workgroup it and then clean up SBS 2008’s DNS, Active Directory, and remove any legacy settings where required.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

SBS 2003 to SBS 2008 Migration – 57 Mailbox Move Time

The migration we have been struggling to get running is well under way now.

The source server is a single Xeon X5300 series Quad Core Dell with 15K RPM SAS drives and a Gigabit connection.

The destination server is a dual Xeon E5400 series Quad Core Dell with 15K RPM SAS drives and a Gigabit connection.

Both servers were plugged into a Gigabit switch with a large backbone.

The total time to move 57 mailboxes running close to 50GB was 3 Hours and 20 Minutes!

image

We did not experience any lost e-mails or anything left behind on the old server which would have meant a rerun of the Mailbox Move Wizard.

All in all, it is good to see that this critical portion of the migration has run through without a hitch. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

SBS 2003 to 2008 Migration Stall – Event 1001 SBSSetup.exe and CLR20r3 – Workaround Found!

In our particular case, the actual root of the problem has not been brought to light yet, but we do know how the hiccup is happening and how to get around it now.

The interference was not an Active Directory sourced one as we originally had thought. Yes, the breakdown was seemingly happening during the replication phase of the SBS 2008 OS install, but the replication failure turned out to be a red herring.

The cause of the problem was actually found to be a reboot that happened before replication could actually happen!

How is that?

The Windows Update service was downloading and installing updates despite the fact that WSUS on the source server is set to only allow updates to be downloaded and then the admin notified that there are updates waiting to be installed.

The clue was in a “Windows is installing update X of X” window that flashed by quickly during Wayne and Justin’s troubleshooting.

So, onto the workaround!

Create a blank Migration Mode Answer File that has the Source, Destination, and Gateway IP in it only:

image

When it comes time to enter the migration specific information, the following screen will show up:

image

Check both items and click the Next button.

The Time Zone settings will come up next. This step can be done as soon as the above Start the migration window shows up.

Hit SHIFT+F10 key to bring up a command prompt:

image

Type: Services.msc [Enter]

Once the Services console comes up, we can then stop the required services and subsequently disable them (note the Dell DRAC toolbar):

image

Attempt 1 with just the Windows Update service stopped and then disabled failed with a blue screen. We managed to salvage the MiniDump file along with the Logs directory on the SBS 2008 box before making the second attempt. We have not examined the dump file yet.

In attempt number two, we stopped and disabled the following:

  • Update Services
  • Windows Update

Attempt 2:image

Once the services have been disabled, check the two radio buttons and click Next:

image

It is important to make sure that the time and time zone settings are correct:image

Verify the IP settings already present in the Answer File:

image

When prompted about getting updates, make sure to click the Do not get the most recent installation updates button!

image

SBS 2008 will then go ahead and make its connections to the network:

image

Next up is the business’ information:

image

We are not installing ForeFront nor Windows Live OneCare for Server on this box:

image

This is what the progress bar will look like when things are working as expected:

image

Our particular crash would always happen when the progress bar was at the “th” in “whether” found in the above screenshot’s second sentence line.

Finally, after about 45-75 minutes of waiting we had:

image

Once the above successful migration status is shown, do not forget to re-enable the service, or services, via the Services Console:

  1. Start –> Services.msc [Enter]
  2. Update Services = Automatic (Delayed Start)
    • image
  3. Start the service by clicking on the Start button.
  4. Windows Update = Automatic (Delayed Start)
    • image
  5. Start the service by clicking on the Start button.
  6. Once the services kick in, then the server will be requesting a reboot to reseat them almost immediately:
    • image

We are truly grateful to Wayne and Justin for figuring out how to get things working.

It is now 1230hrs, or just after midnight here, and the mailbox migration has just started on fifty some mailboxes totaling around 50GB worth of data.

The original post on this problem is here:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Wednesday, 10 June 2009

Windows 7 UAC is Broken?

By default, we enable UAC to prompt for credentials on our SBS 2003 and SBS 2008 networks.

A while back we heard about the possibility of Windows 7 breaking UAC (User Account Control) due to the effects of the UAC Slider that allows for changing the how/when a user would receive the UAC prompt.

The default Windows 7 UAC Slider position is one stop below the “ON” position, “ON” being UAC turned on in Windows Vista, that allows certain types of elevation to pass by without user consent or notification that the elevation has happened.

Apparently, there may indeed be a vulnerability in the new UAC Slider:

Tied into the above Group Policy mandatory UAC elevation settings is user training.

Putting a lock on the door does not stop the person inside from opening the lock and subsequently the door to someone or something on the outside.

Training involves letting the user know the how and why a UAC will prompt. Keeping it simple is the best way:

  • If you are not installing a known software product, then Cancel.
  • If browsing the Internet and a UAC prompt happens, then Cancel and close the browser window.
  • If browsing the Internet and an AntiVirus message happens, save and close any work then Log Off. Do not go back to that site after logging back in.

By keeping the training simple and tying it into everyday analogies like the locked door above, users will get a pretty good idea of what is good and what is bad. We call that “Internet Street Smarts”.

Long’s article reaffirms to us that UAC needs to be enabled and set to “ON” by default, elevate with credentials required (we push a local admin account out to all domain enabled systems – Step 26 Part 3 – SBS 2008 Setup Checklist), and make sure that the elevation happens on the Secure Desktop.

Having a good lock on the door is a good start to tightening up SBS network security.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Tuesday, 9 June 2009

Intel On-Board RAID 1 Failed Array Member Replacement Method

A system we have on our bench has some serious gremlins working in it.

We have since replaced the original 150GB Raptors with 150GB VelociRaptors, we replaced the RAM, and we replaced the motherboard.

The replacement of the Raptors and then a subsequent OS install served to really stabilize the system. There were no more spontaneous reboots happening every couple or three random hours.

But, the system would still spontaneously reboot every two or three days. We have had the full Season 2 of 24 run through the box alternating with a local radio station for good measure. All multimedia runs through Windows Media Center on Windows Vista Ultimate with a Hauppauge PCI-E multimedia card providing the radio and a Radeon HD3870 providing the DVD decoding. A SoundBlaster X-Fi rounds out the configuration.

The onboard Intel Matrix Storage BIOS would not let us replace the defective hard drive no matter what methodology we tried.

A call into Intel support provided the guidance we needed to get things working as they should.

We had to delete the RAID 1 set the last good array member was on. From there, we booted into Windows Vista and needed to start the Intel Matrix Storage Console.

image

In the Console, we needed to switch to advanced mode, then select Create RAID Volume from Existing Hard Drive.

We chose to create a RAID 1 array.

The next step, which is choosing the source drive for the array, is critical. Since the failed drive was on Port 0, we knew that the drive on Port 1 need to be the source drive.

Once we selected the source and destination drives we let the Migration process run. It took about 45 minutes for it to complete. We then did a reboot to make sure that the OS was still good to go.

Hopefully the flaky behaviour we have seen so far will disappear now that one of the array members has outright failed … hopefully!

We will run Season 3 of 24 through the machine, balancing that with some local radio station tunes to make sure. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Hyper-V Error – Access Denied. Unable to establish communication between Hyper-V and Client

While setting up a Hyper-V server for Wayne and Justin to work with some VMs to troubleshoot the SBS 2003 to 2008 replication error, we ran into a roadblock with getting the Hyper-V Manager connected to the Hyper-V Server 2008 box:

image

Virtual Machines

Access denied. Unable to establish communication between ‘Hyper-V Server’ and ‘Hyper-V Manager’.

This is puzzling since the workstation has been connected to this particular Hyper-V server many times using other network profiles. The profile we created for the Microsoft folks was seemingly giving us the connection issue.

The fix took a bit of searching to find and needed to be accomplished on the Windows Vista system where the Hyper-V Manager was installed:

  1. Close the Hyper-V Manager
  2. Click Start and type: %windir% [Enter].
    • A Windows Explorer window will open to the Windows directory.
  3. Type: dcomcnfg in the Search Windows field at the top right hand of the Explorer window.
    • You will see the following in your search results:image
  4. Right click on dcomcnfg and Run As Administrator.
    • Authenticate with the local admin credentials if UAC prompts for credentials, or Continue if it does not.
  5. Open the Component Services node, then the Computers node, then right click on My Computer and click on Properties.
  6. Click on the COM Security tab.
    • You will see the following:image
  7. Click the Edit Limits button under Access Permissions.
  8. Enable Remote Access for Anonymous Logon
    • Before and after shot:image
  9. Click Apply and OK.
  10. Close the Component Services console and the Windows Explorer window.
  11. Start the Hyper-V Manager and continue through the UAC.

The virtual machines, if any, will show up in the Hyper-V Manager console after that.

Thanks to Augusto Alvarez for the clearest and exact explanation for the fix:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Monday, 8 June 2009

SBS 2003 to SBS 2008 Migration Error – Update #2

After an admirable series of attempts to get things working by Edwin and his team, our SBS 2003 to SBS 2008 migration problem has been escalated up to Wayne and Justin (Official SBS Blog) in Texas.

When working with Edwin and Nibin (previous blog post), and now Wayne and Justin, it becomes quite clear that there is so much to learn about the products we work with.

It also brings to mind the old cliché: The more we know the less we know.

Keeping that perspective helps to keep the head (ego) small enough to fit through doorways! ;)

We will now wait and see just how things turn out …

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Friday, 5 June 2009

SBS 2003 to SBS 2008 Migration Stall – Update – A Little More Confidence Now

We have put a lot of time into a failed SBS 2003 to SBS 2008 migration.

We have since initiated a support incident with Microsoft’s Product Support Services (PSS). We spent about 4 hours working with the first support engineer which lead us nowhere.

Needless to say, there was not a lot of confidence going into the second round that was an escalation from the previous day when we were contacted by PSS yesterday.

We did not want to burn another 4 or more hours, it ended up being the whole day, babysitting the PSS remote session and come to a point where we were no further ahead.

It is very important to note that in this case we were able to have a ShadowProtect image sent up to us and we were able to restore that image on a server here and replicate the error by running the migration process on our lab servers.

Why is that important?

Because, when we finally spoke to Edwin at the end of yesterday’s seemingly nonproductive support session and expressed frustration with the situation, he came around and explained what they were able to discover by being able to DCPromo the SBS 08 box out of the SBS 03 domain and DCPromo it back in again.

The lab has provided the support team with unfettered access to the problematic domain without impacting productivity on the production SBS domain! And, as a result, they were better able to pinpoint what they think is the source of replication errors between SBS 2003 and SBS 2008 by DCPromoing .

This morning, in my discussion with Edwin as we began the next round of troubleshooting, I mentioned my MVP status and he asked me if I had heard of his recent document on SBS 2000 to SBS 2008 Migration (document download page)!

Edwin Anthony Joseph (his blog) is the lead engineer that we are working with. And yes, I mentioned that I have heard and read his document and that it is an excellent methodology for migrating from SBS 2000.

So, today, Edwin is working with some additional team members that are tied into Active Directory and replication. Hopefully, by the end of today we will have the source of the problem and the steps needed to fix it on the actual source SBS 2003 network!

Needless to say, we are a lot more confident that we are going to come through this with a positive result.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Wednesday, 3 June 2009

Win7RC on Tecra S1 Pentium M 1.7GHz 512MB Update

Now that I have had a chance to work with this laptop on a frequent basis I can give a little more accurate of an assessment of Windows 7 Release Candidate’s performance on it.

The unit is configured as follows:

  • Toshiba Tecra S1
    • Intel Pentium M 1.7GHz single core no HT
    • 512MB RAM
    • 60GB 5400RPM IDE hard disk.
    • 15” high resolution LCD
    • ATI Mobility Radeon 9000 (not WDDM compliant)

The Task Manager looks like this:

image

While this laptop will not run Windows Vista to give one a reasonable workstation type experience, Windows 7 will at least give decent performance for most tasks.

This is what one can expect to see when there is Outlook, IE8 with a couple of tabs, and a couple of other windows open and trying to open a new tab or initiate a search:

image

Outlook almost always complains that it is not responding when it is pulled up from being minimized to the tray and asks whether it should be terminated. Ignore these messages and the requested window will eventually respond and show up on the screen.

In the mean time, the hard drive light is pretty much constantly lit with the swap operations.

So, we need at least 1GB of RAM to provide a more seamless window swap when switching between open applications or opening a new application. 2GB of RAM and this laptop would fly. Not much different than our initial experiences with Windows XP when it was released.

For basic use though, this setup is more than enough for browsing and e-mail. It would also make a great inexpensive college computer for a student living on a tight budget.

Going back to Windows Vista after getting more and more comfortable with the Windows 7 SharePoint integration features and Search is quite painful too.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Cannot start Microsoft Office Outlook. Cannot open the Outlook window.

There are two profiles on the Windows 7 RC laptop we are using at home, Monique’s and my own.

Monique’s Outlook is still humming along after Office 2007 SP2 while mine took a turn for the worst:

image

Microsoft Office Outlook

Cannot start Microsoft office Outlook. Cannot open the Outlook window.

There was nothing relevant that came up in our searches for a solution other than a suggestion to rebuild the local Outlook Profile.

To do that, delete the profile in the Mail properties that is available in the Control Panel in x86 (32bit) versions of Win7 or behind the Legacy 32bit Control Panel Icons in x64 (64bit) versions of Win7. The exact name of the legacy icon in Win7 x64 slips the mind at the moment but it is there.

When recreating the profile and the connection to a remote Exchange server as is the case here make sure to not click the Check Name button until after the Outlook Anywhere settings for the RPC/HTTPS connection have been set. A credentials prompt will happen once the button is clicked.

All SBS Outlook Anywhere credential prompts are formatted:

  • SBSDomain\FirstLast
  • My very l0ng password!

It took several runs at getting the profile to stick, but once the Exchange credentials prompt seemingly took the server name and the username were underlined in the Exchange Server e-mail profile window as per the following screenshot:

image

Note that the Use Cached Exchange Mode is unchecked. That is what we needed to do to get things working. We enabled Cached Mode once things started to work.

One of the drawbacks to having to rebuild my profile is its size due to the volume of e-mail that I deal with.

UPDATE 2010-06-30: As Marek suggested in the comments section, the proper way to fix this is to run the following command:

  • XP: Start –> Run –> Outlook /resetnavpane
  • Vista/7: Start –> Outlook /resetnavpane

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Tuesday, 2 June 2009

A First – Intel E6850 Fried

The system stopped dead in its tracks. Nothing along the lines of standard troubleshooting brought it back to life.

  • Pull the A/C from the PSU and pull the BIOS battery leaving it sit for 15 minutes.
  • Change the PSU (Power Supply)
  • Pull all add-in cards.

Nothing worked.

So, we RMAd the motherboard since that would be the next most common component to fail.

The replacement came, we swapped the boards and the system did indeed power up.

We flashed the BIOS with the most current version and set the RAID to enabled since the system has two 300GB drives in a RAID 1 array via the onboard Intel controller

One of the more puzzling things to see when the system came to Windows Vista’s “I didn’t shutdown properly” black screen with boot options was watching each letter take about 3-5 seconds for each letter to be placed on the screen.

That was pretty bizarre.

We reset the BIOS settings to factory defaults just in case something we set in there was not being liked.

Windows Vista did indeed begin to boot only to have the system shut itself off.

When we powered it up again there was an error message on a single line stating that the system was shutdown previously due to a CPU thermal event.

The system refused to boot from there.

In all of my years of working in this industry, this is probably the first time I have ever seen a CPU failure.

A replacement CPU is on the way and hopefully the replacement motherboard in the system did not get taken out in the process.

We will find out tomorrow when the CPU arrives.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Monday, 1 June 2009

SharePoint Document Library Explorer View Disappears After SBS 2008 UR2

Pretty much all of our SBS 2008 boxes have Update Rollup 2 installed on them.

What we have been seeing is the following in a document library after UR2 has been installed:

image

Notice anything missing?

For avid users of SharePoint, where there is a need to transfer files between the Companyweb site and file shares on SBS, the Explorer View capability is critical. This applies whether we are in the office or working remotely.

It is even more critical for those of us that have gotten use to Windows 7’s ability to tie SharePoint document libraries into the Libraries Feature (previous blog post).

This is what the View dropdown menu should look like:

image

Thanks to Susan Bradley, a pointer to the SBS 2008 UR2 was made and the necessary fix which is to be found on the Official SBS Blog:

We need to Enable Client Integration under the Authentication Providers section in  SharePoint Application Management:

image

image

Once we clicked the Yes radio button and then the Save button, the document library menu would show the Explorer View option.

We did not experience the Read Only problem, just the missing Explorer View menu item so far.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer