Saturday 31 July 2010

Dell RAID Array Drive Failure

We had all of the Dell management utilities configured when the box was put into production which meant that the e-mail alerts that were set up were tested good.

For some reason they did not fire when a drive in one of the Dell server’s RAID arrays failed. The RAID controller is a PERC 6/i which has no audible warning on it so no one in the office beside the server closet knew anything was up.

Since this is a remote server we have contacted our client with the news and will work with them and Dell to get that drive swapped out as soon as possible since the array in jeopardy contains their data.


We will spend some time trying to figure out why OpenManage failed to send an e-mail as well.

The lack of an audible warning on Dell configured LSI RAID controllers has been mentioned here before.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.


Wednesday 28 July 2010

SBS v7 Memory and Resource Usage

Here are some screenshots for you:


Yes, that is the Exchange store weighing in at a comfortable 2GB+ of RAM!

The box itself is not too busy right now, but there will need to be some serious evaluation done on the purposing of the SBS box beyond running SBS and perhaps an AntiVirus management console.


This box is an Intel SR1530HSH Server System running an Intel S3200SH server board with 8GB of RAM. An RS2BL040 RAID controller and three 450GB 15K.7 Seagate SAS drives round out the configuration in RAID 5 as there are only three 3.5” hot swappable drives in this rig.

Based on our initial observations any server needing to run SBS v7 should be at least Quad Core preferably with HyperThreading for a total of 16 threads. It should have 16GB of RAM and preferably have a hardware accelerated RAID controller along with SAS drives.

Since we are a relatively small shop, we will run with the RAID 5 setup on this box until we migrate to the next version of SBS v7. Then we will purpose a pedestal box with a bit more RAM and some extra drives in RAID 10 to see if we notice any performance differences.

We will be shuffling the SharePoint Foundation content database off of SBS v7 and onto a dedicated SQL box to save on some of the migration time for SharePoint. It will also save a bit on the disk I/O and RAM as we use SharePoint _a lot_ in our shop and via the Internet.


Cisco Small Business Pro SA 500 Series Security Appliances

We have been looking around for a security appliance to replace our SBS 2003 Premium ISA installs for a while now.

We have looked at a number of different vendors with none really standing out as the right product for our client’s needs.

Cisco however, has a relatively new product line in the Cisco Small Business Pro series. This series was born out of an initiative created when Linksys was brought on board with them.


When it comes to features needed with regards to replacing ISA we are looking for the ability to assign multiple static IPs to the WAN port on the appliance.

Having multiple public IPs on the WAN port allows us to publish multiple server or backend systems that the client may have that require a dedicated SSL HTTPS connection.

We found out today that the Cisco 500 Series Security Appliances (Cisco product comparison page) have the ability to bind multiple public static IPs to the WAN port that allows us to set up rules to publish any needed internal services.

As a result, we are in the process of acquiring an SA520-K9 security appliance from one of our suppliers. Once it arrives we will evaluate the product to see if it really can meet our client’s and our needs.

If it does, our search for a reasonably priced and fully featured gateway appliance product has ended.

The bonus in all of this is that the Cisco name sells itself.


Tuesday 27 July 2010

SBS – ActiveSync Error 0x80072F0D – Security certificate is invalid

As we go through the current SBS v7 migration we have hit a few different issues.

This SBS is using a GoDaddy certificate where everything is seemingly set up correctly, but ActiveSync does not agree.

Microsoft Exchange

Result:
The security certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support code: 0x80072F0D

So far, we have run through and verified that the GoDaddy certificate and Intermediate Certificate Authority certificates are installed correctly.

We set up a test e-mail account to help with our troubleshooting using the Microsoft Exchange Remote Connectivity Analyzer.


This is the result:


When we drill into the Test Details section to come up with the reason we see:


Validating certificate trust for Windows Mobile Devices

Certificate trust validation failed.
Additional Details

Missing intermediate certificate in Certificate Chain. Subject = SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US, See KB 927465 for more details.

The process that we went through to make sure that SBS v7 had its certificate hierarchy in place was the following:

  1. Open the Certificates.msc that is found on the desktop.
  2. Open the Certificates folder under Intermediate Certificate Authorities folder.
  3. Delete any GoDaddy certificates in that folder only.
  4. Download the following certificates from GoDaddy’s Repository site:
    1. gd_cross_intermediate.crt
    2. gd_intermediate.crt
  5. In the Certificates console:
    1. Right click on the Intermediate Certificate Authorities root folder and Import.
    2. Import the gd_cross_intermediate.crt _first_
    3. Import the gd_intermediate.crt _second_
  6. In the Personal –> Certificates folder
    1. Verify that the needed GoDaddy certificate is properly keyed.
    2. Delete any GoDaddy certificates that are not needed.
  7. IISReset from an elevated command prompt.

Once we cleaned things up our ActiveSync connection test was successful:


Note that we are using a test user account that was created just for this task. Once we have all of our troubleshooting issues taken care of we will delete this account.

The KB referenced in the above failed test results:

Note that if ISA/TMG is running in front of the SBS network, the OS that ISA runs on top of must also have the intermediate certificates installed according to the above instructions.
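One way to check the result of the certificate hierarchy procedure above from PowerShell, as an added example that is not from the original post (the function names are hypothetical). It is read-only: it lists the Go Daddy entries in the computer's Intermediate Certification Authorities store and reports, for each keyed certificate in the Personal store, whether the intermediates in its chain are actually present in that store.

```powershell
# Added example, not from the original post. Read-only: nothing is imported or deleted.
# Function names are hypothetical. Run in an elevated PowerShell session on the
# server (and on the ISA/TMG host, if one sits in front of it).

function Get-IntermediateStoreEntry {
    param(
        # Wildcard matched against the subject of each certificate in LocalMachine\CA.
        [string]$SubjectMatch = '*Go Daddy*'
    )

    # Duplicate or expired entries show up here side by side (step 3 of the procedure).
    Get-ChildItem Cert:\LocalMachine\CA |
        Where-Object { $_.Subject -like $SubjectMatch } |
        Sort-Object Subject, NotAfter |
        Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter
}

function Get-ChainStoreReport {
    param(
        # Wildcard matched against the leaf certificate's subject; '*' checks them all.
        [string]$SubjectMatch = '*'
    )

    # Thumbprints currently in Intermediate Certification Authorities (LocalMachine\CA).
    $inCaStore = @{}
    Get-ChildItem Cert:\LocalMachine\CA | ForEach-Object { $inCaStore[$_.Thumbprint] = $true }

    # "Properly keyed" certificates in Personal -> Certificates (step 6).
    $leaves = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.Subject -like $SubjectMatch }

    foreach ($leaf in $leaves) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation so the result reflects chain construction only.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $built  = $chain.Build($leaf)
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        for ($i = 0; $i -lt $chain.ChainElements.Count; $i++) {
            $cert = $chain.ChainElements[$i].Certificate
            if ($i -eq 0) { $role = 'Leaf' }
            elseif ($cert.Subject -eq $cert.Issuer) { $role = 'Root' }
            else { $role = 'Intermediate' }

            # Build() may succeed by downloading a missing issuer, so an
            # intermediate counts as installed only if it is in the CA store.
            if ($role -eq 'Intermediate') { $installed = $inCaStore.ContainsKey($cert.Thumbprint) }
            else { $installed = $null }

            New-Object PSObject -Property @{
                Leaf = $leaf.Subject; ChainBuilt = $built; ChainStatus = $status
                Role = $role; Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                NotAfter = $cert.NotAfter; InIntermediateStore = $installed
            } | Select-Object Leaf, ChainBuilt, ChainStatus, Role, Subject, Thumbprint, NotAfter, InIntermediateStore
        }
    }
}

Get-IntermediateStoreEntry | Format-List
Get-ChainStoreReport | Format-Table Role, InIntermediateStore, ChainBuilt, Subject -AutoSize
```

An `Intermediate` row with `InIntermediateStore` set to `False` is the condition the Remote Connectivity Analyzer reported as a missing intermediate certificate.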


SBS v7 Product Shots

We have our hands on an early release of SBS v7.

Here are some screenshots:


Welcome E-mail


Companyweb on SharePoint Foundation 2010


Remote Web Workplace Logon Page


RWW Portal

As can be seen, there are a number of possible new features involved with the Remote Web Workplace portal though nothing is set in stone as of yet.

So, like any early release version of a product, the above may not resemble the finished product that comes off the assembly line.


Monday 26 July 2010

SBS Migration Error: Exchange – The token supplied to the function is invalid 80090308

We are in the process of running an SBS 2003 R2 server and have run into this error:


Exchange System Manager

The token supplied to the function is invalid.

ID no: 80090308
Exchange System Manager

A search on the error led us to the following Microsoft Knowledgebase article:

The fix is to clear both check marks for SSL on the ExAdmin virtual directory in the source server’s IIS:


Once we closed and opened the SBS 2003 Console and attempted to run the Public Folders move again we hit the same error.

We are using a wildcard SSL certificate on our old SBS 2003 setup, so that may have some part in this problem.

After some further digging, we came up with the following:


  1. Open ADSIEdit.msc
  2. In the left side pane expand the Configuration container.
  3. Next expand CN=Configuration
  4. Then CN=Services
  5. CN=Microsoft Exchange
  6. CN=<your organization name here>
  7. CN=Administrative Groups
  8. CN=First Administrative Group <or it may be your original Exchange 2000 site name>
  9. CN=Servers
  10. CN=Protocols
  11. CN=HTTP
  12. CN=1
  13. Right Click on CN=Exadmin and choose Properties.
  14. Find the above indicated msExchSecureBindings setting and Remove any ports listed. In the above case we removed the 443 port.
  15. Click Apply and OK.
  16. Close and reopen the Exchange System Manager or SBS 2003 Console.
  17. Rerun the Public Folder move.
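A read-only way to record the current msExchSecureBindings values before removing anything in ADSIEdit, so the original ports can be restored later. This is an added example, not from the original post or the referenced fix; the function name is hypothetical and it assumes a domain-joined machine with PowerShell and read access to the Configuration partition.

```powershell
# Added example, not from the original post. Read-only LDAP query; changes nothing.
# The function name is hypothetical.

function Get-ExchangeSecureBindings {
    param(
        # Name of the HTTP virtual directory object, e.g. 'Exadmin';
        # '*' returns every object that has secure bindings set.
        [string]$VirtualDirectoryName = '*'
    )

    # Locate the Configuration partition instead of walking the tree by hand.
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.configurationNamingContext
    $base     = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNc"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 200
    # Only objects that actually carry the attribute are returned.
    $searcher.Filter      = "(&(cn=$VirtualDirectoryName)(msExchSecureBindings=*))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('msExchSecureBindings')

    foreach ($result in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            DistinguishedName = [string]$result.Properties['distinguishedname'][0]
            # Multi-valued attribute: one entry per bound port.
            SecureBindings    = @($result.Properties['msexchsecurebindings'])
        }
    }
}

# Show the Exadmin object edited in the steps above.
Get-ExchangeSecureBindings -VirtualDirectoryName 'Exadmin' | Format-List

# Keep a copy of every secure binding before making the change:
# Get-ExchangeSecureBindings | Export-Clixml .\secure-bindings-before.xml
```

After the change, the Exadmin object no longer appears in the output because the attribute is empty.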

This second fix actually did the trick as we watched the PF move dialogue boxes fly by and eventually our source SBS 2003 PF looked like:


The second fix was found here by Jerry Zhao (MSFT) on April 13 at 0658Hrs:


Saturday 24 July 2010

SBS – Error: A networking component is not configured properly. (Component ID 4)

On SBS after running the Fix My Network Wizard the following may be shown as one of the Potential Network Issues:


A networking component is not configured properly. (Component ID 4)

The indicated Microsoft link takes us to:

That error code tells us that the TS Gateway service is not configured to use the SSL certificate configured in IIS.

This Knowledgebase article also has the (Component ID 3) error which indicates a problem with the RPC virtual directory settings.


Friday 23 July 2010

Amazing WSUS v3 Cleanup Wizard Time Now Into Days!

We started the cleanup wizard on our managed SBS 2003 boxes three days ago.

All of the boxes finished in anywhere from 18 hours to 36 hours later.

We have however, one box that is _still_ running its cleanup process.

Now, this is not one of our normally crusty boxes as it is under 2 years old and is running a quad core Xeon X3220 with 4GB of RAM. Its reports normally come in every morning on time.

Since starting the wizard the reports have stopped, but we left the wizard alone just in case.

It took _two full days_ for the wizard to gain and hold just one pip on the progress bar.

So, here we are three mornings later:


We now have a number of pips in the progress bar but the process is still moving quite slowly.

On the other boxes, the SQL process handling the cleanup usually pins a core on the server. In this case the SQL process has barely taken any additional headroom on the CPU.


Judging by the CPU time allotment shown in the above Task Manager Processes tab, we know the cleanup process is running, however slowly.

If we have not seen at least three or four additional pips on the progress bar we will reboot this box tonight and restart the process.

We track the progress by setting a Notepad window above the progress bar and noting the advances of the progress bar:


The WSUS V3 Cleanup Wizard may look like it is not working even when checking the SQL Process CPU usage in the Task Manager, but in this case we let it ride and things started to move after a day!


Thursday 22 July 2010

Intel Modular Server – Promise VTrak e310sD Has Arrived

A client that is running a three node Hyper-V Server 2008 R2 cluster on an Intel Modular Server (IMS) needs to have _a lot_ more storage configured for their highly available VMs.

Their current SPF file server is dying a harsh death and causing all sorts of problems with folder redirection and share availability.

In our initial investigations into augmenting storage for servers and/or clusters running on the IMS we ended up focusing in on the Promise VTrak series of direct attached storage units as indicated in the above blog post.

Well, our first VTrak unit, an e310sD 12 bay with dual controllers, has arrived here at the shop. We are waiting on the 12 300GB 15K.7 Seagate SAS drives and the two Adaptec external mSAS cables that should be showing up tomorrow or early next week.

Once we have everything together, we will look to getting our own IMS fired up ASAP as we will be testing a few configurations on our own systems before looking to deploy at the client’s site.

Client IMS Storage Configuration

The client IMS in question is configured similarly to ours in that we have all 14 drive bays in the IMS configured with 146GB 15K Seagate Savvio SAS drives.

  1. Storage Group 1: 2 physical disks – Low I/O Requirement
    1. H-V 2K8 R2 OS volumes for nodes
    2. Single volume for H-V configuration files (VM memory files etc).
  2. Storage Group 2: 4 physical disks – Medium I/O Requirement
    1. TS VM Remote Apps installation and other data volume
    2. SBS VM secondary storage
    3. Desktop OS VM volumes.
  3. Storage Group 3: 6 physical disks – High I/O Requirement
    1. SBS VM OS, Exchange, and other volumes
    2. SQL VM OS and database volume
    3. TS VM OS volume

The Promise VTrak will be used to add some high capacity medium I/O performance storage for the cluster to allow for the company’s redirected folders as well as folder shares to reside as an attached volume within the highly available SBS 2008 OS VM.

Hyper-V VM IDE Limitation

Keeping in mind that we only have 4 IDE connections to work with in a Hyper-V based VM, we usually only have 2 VHDs IDE connected at a time in a production scenario.

One IDE connection hosts the VHD OS volume, one hosts the VHD with data sets, and one IDE connection remains open.

If there is a need to recover the VM, we can attach a remote VHD to the open IDE connection and it will be seen by the backup software as a source to restore from.

This configuration leaves one IDE connection left over for the Hyper-V “optical” drive that is always connected.

VM Backup Destination VHD

Note that the remotely accessed VHD is actually connected via the Hyper-V SCSI bus which is hot swap capable in Hyper-V Server 2008 R2 thus allowing us to “rotate” the backup VHDs. Backups to those VHDs are encrypted using ShadowProtect.


Wednesday 21 July 2010

Managed Services Training Day

Managed Services Training

We facilitated a training session this morning with an I.T. firm’s team on how to implement a similar hybrid managed services model to ours.

We addressed the need to understand our clients and how they utilize their technology, how their utilization can be improved, as well as how to assess those needs.

We also delved into how to present our managed services in such a way that the business owner realizes just how valuable they are. The value discussion is where the deal is won or lost.

From augmenting our existing client’s managed services with ExchangeDefender to facilitating their licensing using SPLA to enable a low monthly payment we discussed the many ways that we can pull together hardware, software, licensing, and our services to provide a great managed services offering.

In the end everyone appreciated the training and gave 100% positive feedback.

MPECS Inc’s Managed Services Offering

For us, our implementing of a hybrid managed services platform has eased the feast and famine cycle significantly. By doing so, we are better able to bring on part time technicians to help out with our client support needs and as we grow to look at bringing on a part time sales person. In both cases we hope to move towards a full time staff.

We make our monthly managed services charges a part of any quote or proposal that is going out to a prospective client. During our conversations with the owner/contact we would have discussed those services and their value.

An analogy that can be used with the owner/contact would be along the lines of a car needing regular oil changes, brake work, tires, cleaning, and the like as part of their ongoing ownership expenses. We expect those charges for our vehicles, we should also expect them for our IT infrastructure.


Beer Budget Hyper-V and/or Lab Server

Sometimes past memories happen to drop in when a question gets asked or something happens to trigger them.

One of those moments came when looking at a question we answered for someone going way back where they asked how to build a beer budget lab box.

At the time, server based hardware was significantly more expensive than the entry grade server equipment that we can get today.

So, in answering this question, the memory that popped up was one of the first lab boxes that we ever had. It was a server board that was a few generations prior to current, a pair of Intel CPUs running at what speed we are not sure of (not Tualatin CPUs), 32MB or 64MB RAM, and a pair of IDE or SCSI hard drives. Everything was sitting essentially out in the open.

Eventually they were mounted to the lid of an old desktop case much like our current Data Mule system was.


MPECS’ Data Mule system

Keep in mind that there is a need to know how to use a Tap & Die set to create the threaded bores the motherboard standoffs will need to be set into if custom mounting the server board to an old case shell.

Otherwise, an old Styrofoam hard drive shipping container will work fine for setting the server board and drives into for protection but minimal initial cost.

So, here is the beer budget server setup that will allow for Hyper-V to run with hardware virtualization with prices showing in Canadian dollars.

  • Intel S3420GPLC $232
  • Intel Xeon X3430 $209
  • RAM configuration options
    • 8GB (2x 4GB) Kingston $290
    • 16GB (4x 4GB) Kingston $580
  • 2 SATA drives RAID 0 $120
    • no redundancy but gives performance.
  • Decent three rail 550 Watt PSU $80
  • OPTIONS
    • Intel PRO series dual gigabit NIC $200
    • Intel SC5650UP server chassis $250
    • 16GB (2x 8GB) Hynix $840
    • 32GB (4x 8GB) Hynix $1,680
    • Intel RS2BL040 PCI-E RAID $350

Using the above guide, we can have the bare minimum lab box up and running with 8GB of RAM for $931 plus applicable taxes and/or shipping charges if needed.

We all have USB keyboards and mice kicking around or can be had for pennies. Plus, a local system builder would probably be more than happy to part with a few bags of system screws, standoffs, and the like for a couple of bucks.

A DVD optical drive can be had very easily though newer OS installs can be done via USB flash drive thus eliminating the cost there.

As the budget allows, speed up those installs by purchasing faster 8GB USB flash drives with the best speeds being a real-world 35MB/Sec read and 30MB/Sec write. OCZ makes some great ones in the Rally2 Turbo and the ATV Turbo.

Note that USB 2.0 flash drives will become harder and harder to find as USB 3.0 drives come in. So far, the USB 3.0 drives are _a lot_ more expensive than their older USB 2.0 siblings.

BTW, a couple of LED fans would provide stylish cooling for that extra touch. :D


Tuesday 20 July 2010

The WSUS Cleanup Wizard on SBS 2003 and SBS 2008

On some of our older and more crusty SBS 2003 R2 installs with WSUS v3 installed, we need to run the Cleanup Wizard on a fairly regular basis to keep the SBS Reports from having a blank page with an error.


Given that some of these older boxes may not have multiple cores or even HyperThreading enabled on them, the cleanup process can actually impact the server’s performance big time.

When the wizard starts, the process should actually be run in two steps.


The first step will take anywhere up to 30-60 minutes depending on the age and speed of the box.

The second step can take _days_ even on boxes we frequently run the wizard on.

The Cleanup complete screen below actually took close to 36 hours to complete:


Besides being a part of our regular maintenance routine on both SBS 2003 and SBS 2008 boxes, we also need to run the wizard prior to running a migration to make sure to trim things down.


Why We Use ExchangeDefender

Here is the content of an e-mail sent to a questioner that was indicating a couple of appliances to provide gateway services and spam filtering respectively:

We use ExchangeDefender to provide a number of e-mail related services to our clients:

  • Reputation Protection: All outbound e-mail goes through ED’s servers eliminating any possible hang-up due to blacklisting of local ISP IP.
  • Spam Protection: No need to publish internal Exchange server’s IP address via MX. MX points to ED’s servers thus eliminating a spammer technique of direct connecting to your server.
  • Continuity: The LiveArchive feature provides up to a year (or more) of legitimate SSL secured access to e-mail.
  • Continuity: LiveArchive allows for users to logon and reply to and send e-mail in the event of a server outage.
  • Encryption: [Encrypt] tag or policy based encryption of outbound e-mail.
  • Management: Can be done by us or the admin contact at the client site. The GUI is very easy to work with.
  • Management: E-mail graphic reports for spam and legitimate e-mail.
  • Management: Whitelist management via domain or e-mail address at the user and admin level.
  • Management: Daily or Daily + Intraday reports for users to see just what is caught in the filters. Simple one click Release or Trust Sender.

For SMB clients, e-mail continuity has become _the_ most critical element to keeping their business alive.

Protecting that e-mail server by not allowing the ISP provided IP address to be published to the Internet along with restricting SMTP access to ExchangeDefender’s servers alone on the Internet gateway device go a long way to securing the server.

From there, the service is very easy to use for both administrators as well as our client’s users.

For us, ExchangeDefender is a part of our hybrid managed services offerings but is also offered standalone to our clients.

One thing to keep in mind when it comes to offering services such as hosted Exchange and Exchange Defender is that as we bring on more clients our bottom line gets a little boost. That revenue is the best type of revenue there is: _residual_!


Thursday 15 July 2010

Time To Catch Up

We had a family situation that came up late last week that required me to fly out of Edmonton early Monday morning.

I am now back and looking at all of the Microsoft announcements and product news that happened while I was disconnected. It will take a bit to process all of the news bytes, but they look to be really exciting!

So, once things have settled in, there will be more to come on all of the changes coming down the pipe for us.


Thursday 8 July 2010

Friday Live Meeting Cancelled

Folks, we have had a situation come up that unfortunately means that we will not be able to fulfil our Intel Modular Server fire up tomorrow morning.

My apologies to you and I hope that we can get the Live Meeting going again soon!

Thanks for reading. :)


Credit and Debit Card’s Chip And PIN Security?

We all pretty much know how things work when it comes to information, identity, and personal security.

The good guys are always playing catch-up with the bad guys.

The other side of that coin is that the bad guys do not take long to break into the good guy’s stuff.

A lot of companies are presenting the new Chip & PIN structures now commonly found in debit and credit cards as being secure.

But just like any door and key structure (remember this post?), the bad guys are really good at finding the weakest link in the security chain. The linked post was thieves finding the weakest link in the front door lock on our own office.

Most of the following Web pages in this post came via this Bing search:

Chip and PIN

So, let’s pick one such company and its Chip & PIN statement, a Canadian bank:


6. I've heard of Chip and PIN cards being compromised, is this true?

At this time, we are not aware of the chip being compromised on any Chip and PIN cards. Any compromised issues that have arisen have been due to the magnetic stripe that is also on the card. For the time being, all RBC Chip and PIN Visa cards must also include a magnetic stripe to ensure continued acceptance everywhere (including locations that have not converted to Chip and PIN technology). Without the magnetic stripe cards could not be used at non-chip-enabled terminals. Rest assured that transactions completed with the magnetic stripe on your RBC Chip and PIN Visa card are as safe and secure as ever. RBC maintains aggressive fraud prevention practices to reduce card fraud and to ensure cardholders are protected. In addition, the Visa Zero Liability policy protects you should your card ever be compromised due to fraudulent activity. For more information about this policy, see your cardholder agreement.

The link to the above FAQ as of this writing is: Royal Bank of Canada: Chip and PIN FAQs.

With statements like the above, a debit or credit card issuer may be inclined to deny any fraudulent claims thus possibly leaving the end user with large purchase(s) against their account.

End User Liability

Ultimately, the end user needs to provide some protection against the possibility of their Chip & PIN based debit and/or credit card being compromised. So, leaving the PIN on a sticky note or piece of paper in the same purse/wallet as the card is not a good idea.

Chip & PIN Compromised

One of the pages that came up in the Bing search was a World News Network article called Customers ‘blamed for card fraud’. That WNN landing page’s title actually carried a link to a BBC News article on BBC’s site.

But, the World News Network site also had a link to a video demonstrating a Chip & PIN vulnerability. Be prepared to be shocked.

The above video is well worth watching from start to finish.

Fellow MVP Harry Johnston (Bing search) pointed to the following site in response to a question about Chip & PIN.

These are the folks responsible for the above video.

The blog post about the vulnerability published by the Cambridge group is here:

Note the link to a working draft of a research paper on this particular vulnerability is also to be found there.

The Need For Caution

The need to protect our personal identity and financial situation ultimately resides with us. Knowing what is out there in the way of threats to our financial or personal situation is a part of protecting them. Granted, we may never know all of the ways, but we can do our best to mitigate the risk.

So, logging in daily to keep an eye on our online banking reports, online credit card accounts, and other such services is important. We need to know if there are any fraudulent transactions as soon as possible so that we can address them with the bank or card issuer.

Also, paying attention to the folks running the payment terminals where we make our purchases and not allowing anyone to take the card out of our sight are two ways that can also help to mitigate the risk.


A Glimpse At Exchange 2010 OWA And SharePoint Foundation

OWN has had their hosted Exchange and SharePoint systems on Exchange 2010 and SharePoint Foundation 2010 for a while now.

We just finished provisioning a client’s e-mail infrastructure and collaboration around OWN’s 2010 hosted Exchange and SharePoint products.

Since we have been so busy with other tasks, this is the first time we have had the time to take a bit of a dive into the new Microsoft offerings.

Outlook Web Access

Exchange 2010’s Outlook Web App (OWA):


Microsoft’s continued development of Outlook Web Access on Exchange has certainly been excellent. With each successive version we have seen vast improvements with each new release.

The changes from 2007 to 2010 however, are not quite as dramatic.

Outlook Web Access on Exchange 2007 Service Pack 2:


OWA 2010 does have a few key features out of the box that OWA 2007 did not though.

  1. Mail: Inclusion of the Favorites section which is identical to the Office Outlook client.
  2. Mail: Search Folders actually has the Unread Mail folder set up by default.
  3. Mail: Recover Deleted Items is now a right click option in 2010 as opposed to digging through Options in 2007.

From there, the OWA Options management page is a lot more intuitive to use on 2010 than it was on 2007. Users will be able to find the items they want to use with a bit more ease.

SharePoint Foundation 2010

Once the services are provisioned by OWN, we need to log on as the SharePoint site admin to set a template.

When the template has been set up, we then need to create our contributor group and add our client’s users to that group. Any needed Sites and/or special permissions groups would be created from there.

This is the new SharePoint Foundation 2010 site:

image

The changes between Windows SharePoint Services v3 and SharePoint Foundation 2010 are quite substantial.

Note the layout and navigation changes. There are a lot of changes made in the SharePoint product. As a result, be prepared to either contract someone like Robert Crane who can customize the site quite quickly and efficiently or delve into the bits and bolts to figure it out.

Own Web Now and the Cloud

We have mentioned this before, but it bears mentioning again since developing alternate revenue streams for our business is absolutely critical to our growth and longevity.

  1. We partner with OWN for our hosted Exchange/SharePoint needs because _we_ are the face of the hosted products to our client.
    • We set the value and pricing for each OWN service we resell.
    • We invoice our clients for those services ahead of time the same way our cell phone provider invoices us for next month’s services plus last month’s overages.
    • Once the services are set up, we have that monthly residual that totally _kills_ any residuals we might get through other Cloud services vendors.
  2. We partner with OWN because we get to work with _real_ and _knowledgeable_ people if we need support.
    • Benjamin and Matt have been our primary support contacts and they have always come through for us.
    • The OWN support team when called upon have been second to none.

While the Cloud and its impact have certainly been on the top of our minds lately, picking the right Cloud vendors is absolutely critical to the life of our business.

Even with the mainframe style of Cloud services, the client/customer will _always_ be in need of experts to facilitate their IT solutions and infrastructure. That’s another reason why we always need to be growing our expertise.

Those Cloud Solutions Experts need to be _US_! :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


Wednesday 7 July 2010

Live Meeting – Intel Modular Server Initial Start Up And Configuration

We have scheduled a Live Meeting for Friday morning at 0800Hrs Mountain Time.

We will be firing up a newly assembled Intel Modular Server for the first time, updating its firmware on all the requisite modules, and then doing some base configuration of the unit.

Items to be covered:

  • IMS product configuration
  • Intel Product Support site access and product downloads.
  • Intel Unified Firmware Update v6.1 applied after initial CMM Boot.
  • Various module firmware updates post UFU
  • Storage Pool configuration
  • Virtual Disk configuration
  • IMS Q & A

The various processes for updating the firmware can take a bit of time, so we have scheduled 90 minutes for this broadcast.

If you have questions about the IMS, then this would be a good time to ask as the Q&A feature will be enabled in the LiveMeeting.

A Live Meeting Attendee link can also be found on our Web site Calendar.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


OWN Partners – Enable Encryption Policy Management For Existing ExchangeDefender Subscribers

As an ExchangeDefender Service Provider, we need to enable encryption policy management in the ExchangeDefender client admin portal:

image

  • Encryption: Disabled

This setting enables an admin Web page for adding, removing, and managing existing encryption policies for individual e-mail addresses or e-mail domains.

Once enabled in the admin portal, either our client or we will see:

image

ExchangeDefender Encryption Policies can be defined based on the following criteria:

  1. Sender’s e-mail address
    • All e-mail sent by this user will be encrypted by default.
  2. Sender’s e-mail domain
    • All e-mail sent from this particular e-mail domain will be encrypted by default.
  3. Recipient’s e-mail address
    • All e-mail sent to this recipient will be encrypted by default.
  4. Recipient’s e-mail domain
    • All e-mail sent to this e-mail domain will be encrypted by default.

By enabling default encryption policies, users save time since they will not need to place the [Encrypt] tag in the subject line each time they need to send a confidential or sensitive e-mail out to the same recipients.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


Microsoft Small Business Specialist Program Is Alive And Well – It Emphasises The Need For Training and Certification!

When we went through the changes in the Microsoft Partner Program and renewed last June, our Microsoft Small Business Specialist designation disappeared from our Microsoft Partner Portal company profile.

It took a bit of digging around to see what was up since my MCTS designation is based on the SBS 2008 exam and thus current.

It turned out that I needed to retake the Microsoft Partner online MSBS “exam” to regain our designation.

After passing the Partner based exam around a month ago, we received this today:

image

That little blue logo has done great things for our company since we were first qualified back when the program started.

Most of our clients knew that the next e-mail or communication to go out after our Small Business Specialist designation announcement e-mail was a rate increase. When we did enter into discussions, not one of our clients put up any resistance to our proposed increases.

Our clients valued the ongoing skill set improvement and what that meant for their own business in the IT solutions we were and are providing them. It meant _more money_ for them.

Real Experience

There is no replacement for the combination of specialised certification tied into practical real-world experience. By real-world we mean _actually working with the products_ and not working via some sort of PSA (Bing search) troubleshooting script.

PSA script based troubleshooting the tech does not make. Putting the solutions together, breaking them, putting them back together again, and so on makes a tech worth hiring.

One of the questions we used to ask any potential technicians was how many systems were running at home. If they answered fewer than two or three we disqualified them. Home theatre PCs and gaming machines did not count BTW.

Now we ask them how many virtualized systems they are running and what hardware infrastructure is being used to provide VM performance as well as its failover capabilities.

If we sense a passion and inquisitiveness around the hardware and software products the potential technician has touched in some way, then we place a high value on that.

My Experience

When I was single and working for one of the best IT employers I had ever worked for across any of the industries I have had my hands in (late 90s), it was not uncommon for me to start at 6AM and finish sometime around 8-10PM on a daily basis.

Every once in a while I would go through a friend refresh cycle, but I just kept at it both for my employer and on my own. I loved what I was doing . . . and still do to this day.

I now have Monique to keep a handle on the time I put into building our business and developing my skill set, but my days are still in-office/on-site 0600Hrs to 1800Hrs six days a week with some evenings being required too. Sundays are mandatory family days! ;)

Conclusion

Essentially, as was mentioned in yesterday’s blog post New to IT- Some Certification Advice Offered, if we are not willing to put in the time and effort to develop our professional skill set, then we should not expect anyone to pay us to just toe the line.

Vlad won’t do it, neither will we.

Vlad’s response to yesterday’s post was Certification Path where he says:

  • Follow the money.
    • Where are IT investment dollars being spent?
  • What can you do with your certification if your labor is not in demand?
    • Can you go into business with your current skill set if there is a loss of employment?

And, to quote directly from his post:

I’ll be honest that in my hiring, the one thing that stands out the most is progression. I want people that have been involved in all things that have come to the front of the technology because I know that the skills you have now will soon be obsolete. Are you able to quickly learn the new material? Are you someone that can figure things out, or do you need solid documentation and training before you can manage?

His follow up post is a good read.

We both offer advice and direction on how to make it in our industry, and like us, it is a decision that needs to be made to _run with it as smart and as hard as possible_. There is no compromise.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


Tuesday 6 July 2010

New to IT? Some Certification Advice Offered

I have been having a conversation with a fellow that is currently interning with an IT company.

Here is my reply to him on the question of what to study and how to go about it.

Vi’s Question: For someone who is pursuing in the IT field, I have looking for advices (sic) to know what to look out for and what not to look out for. I also have my interest perk at the knowledge of CCIE. Do you have your CCIE? Would you recommend it worth pursuing that title?

Philip’s Answer:

I am pretty specialized into a niche that incorporates SBS 2008 and SMB based IT solutions.

The two most important indicators to clients and their confidence level in me and my company were the following:

  • Microsoft Certified Technical Specialist on SBS 2008 (relevant product to their business).
  • MPECS Inc. is a Microsoft Small Business Specialist designated company due to my MCTS as well as passing an online exam in the Microsoft Partner Portal.

What I am trying to tell you is that the efforts you put in should be twofold:

  1. Apply for and test on products that fit into a particular market niche.
    1. Don’t over certify on a lot of different products. Focus on a few that are relevant to a particular IT solution set or service set.
    2. See above for example as far as what I have done.
    3. CCIE will give you a foothold into the Enterprise but experience will play a vital part of landing a job or starting a business.
  2. Make sure you invest in some hardware that is relevant to the industry certification that you will pursue.

So, see about getting yourself a Dell pedestal or 2U server with an X3300 series Xeon and at least 16GB of RAM. Augment that with at least 4 15K SAS drives (probably 146GB) to set up in RAID 10. Then you can install the free Hyper-V Server 2008 R2 and virtualize any needed SBS, Windows Server 2008/R2, Exchange, etc. server products and configure them according to best practices.

I suggest staying away from any previous generation NetBurst CPU based servers as they may be 64bit capable, but they are inefficient in their power consumption relative to the processing power of the CPU by a large margin compared to the newer Xeon E5100+ or X3200+ CPU based servers.

It is not too difficult to gain access to Cisco equipment via government auctions and the like around here. The same may be true for area code ### if that is where you are located.

Have a look around job boards and specialty Cisco forums to see what the prospects are for obtaining a job or for information on fine tuning your training to better fit a placement after your internship finishes. The company you are interning at should have some good advice on the what/where/how to gain training, certification, and experience beyond your internship.

One thing that is not mentioned in this note to Vi, but comes to mind now, is the fact that our industry is always changing.

From new products coming down the pipe that will support in-house, in-house and Cloud blends, to pure Cloud based IT solutions, we need to be on top of the changes so that we can provide the best solution for our clients.

This constant change is one of the things that I personally love about our industry. I never get tired of learning new things, and burning serious brain power on digging into a new solution or technology challenge.

Given the way things are changing in our industry all the time, we should _always_ be investing in our knowledge by training on new products, working with vendors and their hardware solutions, and of course getting to know our Cloud vendors and their products.

The changes coming down the pipe are game changers indeed. So much so that we need to make sure we have an understanding of what products and technologies to invest our training time into for the particular IT market niche we happen to reside in.

Otherwise we will be left behind in the dust. See Vlad for more info.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


SBS 2008 – Error: An Exchange 2007 server on which an address list service is active cannot be found

We were in the process of correcting what turned out to be a clerical error for a client’s user where their name was spelled incorrectly.

To do so, we change the Alias properties for the wrong user account to change the default e-mail address for the user. NameOLD@ or something along those lines will be used.

While attempting to make these changes on an SBS 2008 box with Exchange 2007 SP2 installed, we received the following error:

image

Microsoft Exchange Error

The following error(s) occurred while saving changes:

set-mailbox FAILED

Error: An Exchange 2007 server on which an address list service is active cannot be found.

A quick search turned up the following culprit on the SBS 2008 box:

image

Microsoft Exchange System Attendant: Status = OFF

We right clicked on the Attendant service and started it without a hiccup.

Once the service was back online we were able to make the necessary profile changes to allow us to create the new user profile with the existing e-mail addresses.

From there, we go on to export their Exchange mailbox to PST and modify the redirected folders folder of the existing user profile to allow Read/Write to the new profile.

We will be digging into the logs to see if we can find the source of the service turning off. We will also be applying Exchange 2007 SP3 on this particular SBS VM pretty soon.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book


Monday 5 July 2010

ExchangeDefender – On The Fly Outbound E-mail Encryption

A neat new feature available to our clients and us that have our e-mail protected by ExchangeDefender is the ability to encrypt our outbound e-mail on the fly.

Not only do we have the ability to encrypt on the fly, but we also can specify certain e-mail domains to receive _only_ encrypted e-mail.

So, just how does the process work?

  1. Start a new e-mail in your e-mail client of choice.
  2. Set the subject line to: [Encrypt] My Subject Line
    • Note the inclusion of the square brackets around the word. They are needed for a successful e-mail encryption.
    • image
  3. Type up the e-mail and attach any needed support documentation.
  4. Send the e-mail.
  5. The receiver will see the following:
    • image
  6. The first time the receiver clicks on an ExchangeDefender encrypted e-mail link, they will need to enrol in the ExchangeDefender Encryption service using the following information:
    1. First Name
    2. Last Name
    3. Address lines
    4. City, State, ZIP
    5. Country
    6. The e-mail address associated with the recipient will already be populated.
    7. A password for their account will need to be set.
    8. A 4 digit PIN for password recovery purposes.
  7. Click the Enroll button once the information fields are filled out.
  8. A message appears indicating that the account was created and presenting a log-in link.
    • image
  9. Once logged into the service, the recipient will be able to download any attachments, reply to the e-mail, and/or destroy the e-mail.
    • image

Note that when replying to the encrypted message a copy of the e-mail will not be sent to the recipient’s e-mail address. The reply received by me:

image

Destroying the original encrypted e-mail does just that. Only the sender will have a copy of the original in their Sent Items folder. For the most part, Outlook/e-mail client sorted outbound e-mail will be handled as normal.

Depending on the nature of the e-mail being sent, this service can be of great value for those that need to keep certain communications secured from prying eyes.

Since the source e-mail server transmits the e-mail directly to the ExchangeDefender servers (or at least it should, as per the ED Deployment Guide), the e-mail never leaves the confines of the source corporate network and destination ExchangeDefender network.

The decision to use the service for a one-off e-mail will ultimately reside with the sender. If the content is confidential to the point where the recipient’s time to fill out the form (less than a minute) is worth it, then they should definitely use the service!

For those that regularly send e-mail with sensitive information in them to the same recipient, the recipient will be able to log-in to the ExchangeDefender Encryption Services portal in seconds to gain access to any e-mail with [Encrypt] in the subject line.
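The [Encrypt] subject tag described in this post and the four policy criteria from the encryption policy post (sender address, sender domain, recipient address, recipient domain) can be modelled together to audit sent mail for messages that nothing would have encrypted. This is an added example, not ExchangeDefender code; the exact-match and case-insensitive matching rules, the function names, and the sample addresses are all assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: the tag is matched case-insensitively anywhere in the subject.
# The square brackets are required, as the post notes.
ENCRYPT_TAG = re.compile(r"\[encrypt\]", re.IGNORECASE)

@dataclass(frozen=True)
class Policy:
    kind: str   # sender_address, sender_domain, recipient_address or recipient_domain
    value: str

def _norm(address):
    return address.strip().lower()

def _domain(address):
    return _norm(address).rpartition("@")[2]

def encryption_reasons(sender, recipients, subject, policies):
    """Return why a message would be encrypted; an empty list means clear text."""
    # Assumption: addresses and domains match exactly (subdomains are not covered).
    checks = {
        "sender_address": lambda v: _norm(sender) == v,
        "sender_domain": lambda v: _domain(sender) == v,
        "recipient_address": lambda v: any(_norm(r) == v for r in recipients),
        "recipient_domain": lambda v: any(_domain(r) == v for r in recipients),
    }
    reasons = ["subject tag"] if ENCRYPT_TAG.search(subject) else []
    for p in policies:
        if checks[p.kind](_norm(p.value)):
            reasons.append(f"{p.kind}={_norm(p.value)}")
    return reasons

def unprotected(messages, policies, sensitive_domains):
    """Subjects of messages to sensitive domains that no tag or policy covers."""
    sensitive = {_norm(d) for d in sensitive_domains}
    return [m["subject"] for m in messages
            if any(_domain(r) in sensitive for r in m["to"])
            and not encryption_reasons(m["from"], m["to"], m["subject"], policies)]

# Constructed sample data; the *.example names are placeholders.
POLICIES = [Policy("recipient_domain", "lawfirm.example"),
            Policy("sender_address", "cfo@client.example")]
SENT = [
    {"from": "amy@client.example", "to": ["bob@lawfirm.example"], "subject": "Contract"},
    {"from": "amy@client.example", "to": ["kim@bank.example"], "subject": "Encrypt: wire details"},
    {"from": "amy@client.example", "to": ["kim@bank.example"], "subject": "[Encrypt] wire details"},
    {"from": "cfo@client.example", "to": ["kim@bank.example"], "subject": "Q2 numbers"},
]

if __name__ == "__main__":
    print(unprotected(SENT, POLICIES, ["bank.example", "lawfirm.example"]))
```

The one message flagged is the one where the sender typed the tag without its square brackets, which is the kind of slip a default policy for that recipient domain would have covered.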

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
