THE OFFICIAL BLOG OF THE SBS "DIVA"

Microsoft Enterprise Networking Team : Intermittent file sharing connectivity from various clients to a Windows Server 2008 server:
http://blogs.technet.com/networking/archive/2008/07/10/intermittent-file-sharing-connectivity-from-various-clients-to-a-windows-server-2008-server.aspx

After a period of time Windows XP and Windows Server 2003 clients can connect to file shares on a Windows Server 2008 server but Windows Vista clients time-out.
After a period of time Windows Vista clients can connect to file shares on a Windows Server 2008 server but Windows XP and Windows Server 2003 clients time-out.

Two things are currently known to address the issue:

Upgrading the NIC drivers is known to help but not completely resolve the issue.
In the cases we have seen so far, uninstalling anti-virus software has resolved the issue.

One of the very nice things about running on the SBS platform is that it comes out AFTER Windows Server platform does.  Therefore one is not first.. and other folks have to deal with issues such as that.

They go first, we gain the benefits.

Download details: Demo Showcase 2008 SMB Edition - Customer Acquisition:
http://www.microsoft.com/downloads/details.aspx?familyid=f89d50cd-0344-468f-b3f7-1092b8864b47&displaylang=en&tm
Download details: Demo Showcase 2008 SMB Edition - Security and Reliability:
http://www.microsoft.com/downloads/details.aspx?familyid=d37d68b1-bcf9-494c-86ed-99266a964aca&displaylang=en&tm
Download details: Demo Showcase 2008 SMB Edition - Business Solutions:
http://www.microsoft.com/downloads/details.aspx?familyid=2154f042-d2cb-41b7-91b3-ac185adec752&displaylang=en&tm
Download details: Demo Showcase 2008 SMB Edition - Business Productivity:
http://www.microsoft.com/downloads/details.aspx?familyid=cf0350f4-5c29-4e7b-baeb-42c7d42c75f3&displaylang=en&tm

The Demo Showcase 2008 SMB Edition - Business Productivity Demo is a comprehensive click through demonstration designed for partners. This scenario demo features many different Microsoft technologies working together to resolve business needs. Included in the scenario are the following products: Windows Small Business Server 2008, Office 2007, Windows Vista and SharePoint Server 2007.

Want EBS stuff?

Essential Business Server Preparation Wizard | Media | TechNet Edge:
http://edge.technet.com/Media/Essential-Business-Server-Preparation-Wizard/

Download details: Migrating Active Directory Domain Services Scripts, Roaming Profiles, Redirected Folders, and Home Directories to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=d79d7afd-df62-4353-9abf-7cbc8e49cd3d&displaylang=en&tm
Download details: Migrating from Windows Small Business Server 2003 to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=191b141e-3a1f-4c1b-bd2d-15623751e518&displaylang=en&tm
Download details: Migrating the DNS Role to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=09ba5591-5dc8-46c9-a22b-26f5ca090294&displaylang=en&tm
Download details: Windows Essential Business Server Product Overview:
http://www.microsoft.com/downloads/details.aspx?familyid=01a0a2ec-18dc-4217-9591-ade0a1d7ae08&displaylang=en&tm
Download details: Windows Essential Business Server Installation Guide:
http://www.microsoft.com/downloads/details.aspx?familyid=11c34b73-a9aa-4beb-940d-2ab93b167fdc&displaylang=en&tm
Download details: Migrating DHCP Server Service to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=e7087924-2d5f-4379-b083-14c7c0aea831&displaylang=en&tm
Download details: Migrating Microsoft Exchange Server to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=fb0f9f7e-8769-4585-a85c-509165a3f93e&displaylang=en&tm
Download details: Migrating Windows Server Update Services to Windows Essential Business Server:
http://www.microsoft.com/downloads/details.aspx?familyid=4a9229be-e9dc-40f8-b90e-035bf7879716&displaylang=en&tm
Download details: Windows Essential Business Server Installation Guide:
http://www.microsoft.com/downloads/details.aspx?familyid=11c34b73-a9aa-4beb-940d-2ab93b167fdc&displaylang=en&tm

Redmond | News: Microsoft's DNS Fix Leads to More Problems:
http://redmondmag.com/news/article.asp?editorialsid=10070

"Tyler Reguly, a security engineer for San Francisco-based nCircle, commented that Microsoft should be more transparent about issues like those outlined in the SBS services blog. Such descriptions went relatively under the radar, and could be considered highly technical, bordering on vague.

"It may take users quite a while to diagnose the problem and then they have to find this specific blog post," he said. "Microsoft should really be doing more to make people aware of the issue. The impact isn't as great as the recent WSUS issue, but this should be handled in the same way that was. It should be given its own KB number and a security advisory should be released, especially given that IPsec is potentially affected."

Security advisories are for security events... exploits in the wild, something MSRC is investigating.. or in the case where WSUS servers were not properly deploying patches, where servers may not properly protect for security issues.

Issues with security patches are ALWAYS typically documented in the "known issues" section.

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

When you follow that link to KB953230 at this time ..there honestly isn't a lot of detailed help to specifically to the issue documented in the SBS blog.  It vaguely refers to it, but honestly not well enough.

Bottom line gang.. run a SBS box... watch that SBS Blog. 

http://blogs.technet.com/sbs

Next phase... the car is getting ready to be put on a ship to head for Oxnard, California.
http://www.portofhueneme.org/the_port_at_work/rolling_in_the_autos.php
The port of Oxnard is one of the largest Automobile import docks on the West Coast. 
Looks like there are two BMW ships coming into the dock on August 5th and there's specific Ships that list MINI on July 23 and 29th but I doubt they will make those ship dates.
http://www.portofhueneme.org/documents/20080718101136.pdf

(Hopefully no Titanic events in route or anything like that)

You know the more you google and can find out stuff... http://exchange.dnv.com/Exchange/Main.aspx?EXTool=Vessel&VesselID=28513 (Specs on the one ship btw) the more one has to wonder if we really need to be able to google all of this stuff in the first place?

But it's nice to know that I'm not the only insane person who is looking up Ships and what not... http://www.bmwauto.net/forums/bmw/p/244726/anyone_else_on_the_alioth_leader_headed_for_port_hueneme and http://www.bimmerfest.com/forums/showthread.php?p=3382162 or figuring out that there's a site that does Vessel tracking...   http://www.vesseltracker.com/en/Ships/Isolde-8321345.html

The vehicle cargo ships do look a bit odd don't they? http://club.telepolis.com/SHIPS88/AliothLeader.htm

The morning after you patch your monitoring email will look horrific.  So much so that most of the time I just make sure that it emailed and ignore it until the second day.

This month in particular you are going to get some pretty horrific notifications

Sample ones will look like this:

Lots of red stuff.  I have one HP insight service that won't auto start no matter what I do so I script that to kick back on later.

Your first clue that this is an "ignore this until a day later" report is that you will have a system up time alert.  That's normal for a patch event.

Since we patched SharePoint's MSDE/WMSDE, SQL or whatever this month it will be normal that this got stopped.

We also patched Exchange so Mail services getting stopped is also normal.

Typically when we patch Exchange IIS also shuts down (and btw when IIS goes down you can't patch over RWW)

Because we had a fun SQL patch this month you'll also see some freak outs from SQL that are out of the ordinary.

 

 And the fact that it's complaining about SQL... yeah when you shut it down to patch it, you'll get more funky stuff.

You might also get a warning right after reboot about DSRestore.  Post sp1 of SBS this is standard.

So bottom line, the day/morning right after you patch or reboot your system, that email will be pretty horrific and all of this is normal.

Give it a day or two and it should look more like this:

And for the record that's how my "normal" report looks like.  THERE IS ALWAYS one or two patches that I have in limbo while I evaluate them before rolling them out. 

http://msmvps.com/blogs/bradley/archive/2008/07/22/dns-take-action.aspx

So Andy asks what I would recommend for dealing with this DNS issue and honestly I recommend DNS forwarders to www.OpenDNS.org because it adds additional services over and beyond just DNS resolution.  It also prefilters bad web sites and allows you to limit certain categories of web sites.

So bottom line, if you haven't patched, ensure your DNS is forwarded to OpenDNS.org. 

Try it with these settings for those that have a router/nat in front of you and the DNS test is saying that your router is limiting the randomness as a result.  If you still get that message, then I'd say get a new router!

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc:
http://isc.sans.org/diary.html?storyid=4765

If you have not patched for DNS because you've heard of the DNS patching issues, flip your DNS forwarders to www.opendns.org

Full instructions on how to point your forwarders to them is on their web site.  For SBS'ers it's more important that we forward to a trusted DNS provider or use root hints.  I'm not downplaying the patch but if you are holding back on this, take some sort of action and ensure that your ISP's DNS is patched. If you are unsure, you can run this test on Dan's site http://www.doxpara.com/?p=1176 but OpenDNS may be safer over the long haul.

http://msmvps.com/blogs/bradley/archive/2008/07/22/and-another-local.aspx#1641780

"Have you ever had to deploy OCS?" Yes.  In a .local based domain in fact.  The trick is to build another DNS entry with a _tcp _sip property that points to the member server that has the Live Communication Server running.  Then to ensure that the domain will will reroute out to your ISP's DNS, you put an A record to so that the domain/web site will still resolve.

The thing is that having .local doesn't block you, nor, would I argue makes setting up these technologies any harder. 

The point of that post that I made was that indeed we should be discussing why we might need .com versus .local, not that SBS blocked the use of it because it doesn't.  And quite frankly as var/vaps we should be looking very closing at that answer file tool because that's the only means to get a server in a migration mode.  Thus my guess is that most of you will be using that answer file for the bulk of your new installs and certainly ALL of your migration installs.

The point of my post was not to diss the merits of .com versus .local and if it came across that way, it wasn't meant to, but rather to ask that we stop asking about the request of giving us the option of doing a Top Level domain at a time when the SBS 2008 product has just hit RC1 status and in fact it does allow this option.  To make any changes at this time to the installer would hurt a huge amount to rip out the install routine as it stands now.  It would delay the release of SBS 2008.  Windows 2008 has a different install story.  Ergo so does SBS 2008.  That's our new reality.  I'd rather have a post over the fact that in 2k8 I can't do a repair install of the Operating System.  There's no way to plunk down Windows 2008, fire up that media and reinstall the OS over the top of it.

So do let's get to the better meat of that post.

Why should you do .com?  In SBS 2003 there were some issues with sync'ing Windows Mobile devices docked and non docked due to ISA being on the same box and messing with proxy settings.  In SBS 2008 ISA is no longer on the same box.  Issue?  Probably not anymore.

Why should you do .com?  The argument was made for setting up OCS.  (Okay lets put aside the argument that most SBS domains won't be doing OCS anyway...but...) I can tell you that I have LCS here with an internal .local and all I had to do was to set up a _sip record under the  domain name.  Personally I didn't find it any more or less confusing with the .local versus if I had a .com?

Does it provide you with any additional features or functions as you grow?  I'm still not convinced.  I see people making arguements that they can do what they need to do with both setups.  All it takes is a judicious A record editing and it depends on if you want to do that DNS editing on your server (if .local) or an ISP's server (if .com).  But one thing is clear you do need to have full access to DNS information and ensure you can make the edits you need.

So I'm still saying "Make your choice, both are do-able, but stop discussing the install experience of SBS 2008 because we do have the choice.

Canadian IT Professionals : Another .LOCAL post - SBS 2008, EBS 2008:
http://blogs.technet.com/canitpro/archive/2008/07/22/another-local-post-sbs-2008-ebs-2008.aspx

I wish that we could be a little be more understanding of the marketplace that SBS faces.  The reality is not everyone is as talented as Mitch. 

Yes there is an answerfile tool that will indeed allow the uber var/vap to name whatever he wants that server to be.  As a var/vap many like that answer file tool as they recommend filling it out, printing it out, having the customer sign off to document how they want the server to be named so that there are no misunderstandings.

But it can be a bit tiring when there are threats to our DNS structure and we're still arguing over .com versus .local as a "best practice" how many years later? 

The option is indeed there.  If a var/vap cannot read the documentation on how to do this, then maybe they shouldn't be setting up a server.

Yes that's very harsh, I know, but I'm also getting a bit tired of this near religious arguments that bubble up over this topic.  In the first release of SBS 2008 beta there was no option at all to do anything but .internal.  So the var/vap community/beta testers went "whoa" and thus the win here is that there's the answer file mechanism that gives Mitch exactly what he wants to do.  In addition, you can tailor it as a confirmation tool.  How many var/vaps have stupidly misspelled the Firm name wrong and have asked "can I rename the domain now" and we go ... uh...no, flatten it and start over.  Thus the answer file tool will prevent you from those boneheaded fat fingering misspellings that all of us have done a time or two.  If you want .com, do it.  If you want .local, do it.  But gang, the reality is unfortunately that there's a lot of servers that aren't set up well and the customer suffers. 

At the end of the day the design goals for a Small Business Server is not that it be set up for the Var/Vap, nor for the Dell Marketplace, but that it be set up in a manner that whether it's a Var/Vap set up server or a Dell OEM model that the customer at least gets a fighting chance of a decently set up server.

So Mitch, name the server whatever you want, but I think all of us that argue over this .local and .com need to all just get over it and get on with building servers in the manner that we prefer.

To get ready for a migration from SBS 2003 to SBS 2008 the first thing you do is READ.

You heard me, READ.

Let me say this one more time.. before you begin to order any new server or anything.. download these guides and READ.

Download details: Windows SBS 2008 to 2008 Migration Guide:
http://www.microsoft.com/downloads/details.aspx?familyid=31cbc5dd-21b1-4a6e-9a9d-740ce7605448&displaylang=en&tm
And then read some more:
Download details: Windows SBS 2008 Installation Guide:
http://www.microsoft.com/downloads/details.aspx?familyid=48229e80-d05b-4fa5-9591-8c388ab5d633&displaylang=en&tm

The SBS 2003 to SBS 2008 migration path includes migrating SharePoint on the old v2 to the new v3 to be named oldcompanyweb.

Now that you've read those two (you have haven't you?) you know that you know that there's no inplace upgrade.  So if you have a newerish system you can't plop the dvds in there and boot from there and go.  Not to mention, my home SBS Server doesn't have a DVDplayer just a cdrom one. 

But if you want to take a box and migrate plan on imaging it, moving it to a virtual state or something and stage your migration from there.

Then you need to see if your existing box is 64bit ready.  You can either find the specs -- http://h18000.www1.hp.com/products/quickspecs/12092_div/12092_div.HTML or you can use a couple of tools.

First one is Crucial.com's memory configurator.

Prices range from about $500 for 4 gigs, to $139 for 2 gigs. I'd recommend 4 gigs either in one kit or 2 2gig kits shown there.

Okay now we need to see if the chip is 64bit ready.  We could read the HP info... which says Processors include support for Hyper-Threading and Extended Memory 64 Technology (EM64T)

Or we can use another tool. http://www.grc.com/securable.htm

Yes to 64bit, yes to Hardware DEP, no to HyperV.

One last thing.  There is no support for going from RC0 to RC1 to RC whatever to RTM.  You cannot run the RCs in production as you will not be supported.

So in the meantime... read.

I get emails from "Random newsy subject line" from "random person" with "second random newsy spammy catch headline" and finally a url to the malware payload.

So first off my first thought was... Al Qaeda files an SEC report somewhere?  And secondly I had to google who Gus Hiddink was...

I mean yeah they are probably risk factors to firms... but do they report earnings?  And are they up or down?  What's their cost of goods sold I wonder?  Employee benefit package?  Retirement plan? 

(okay so it's a monday, okay?_

-------- Original Message --------

Gus Hiddink Heads For Gulag

URL to something spammy/malware-y

And speaking of marketing.. whomever signed the Microsoft deal with Disneyland for the Innovention house blew it.  They had cool touchscreen light switches all over that house and a large screen tv that by my read was not only powered by Microsoft Operating system but VISTA as it was Life|Ware

http://www.exceptionalinnovation.com/
http://www.exceptionalinnovation.com/pdf/lifeware.pdf

System Requirements
Operating System – Microsoft® Windows Vista® Premium
or Ultimate operating system
Processor – 2 GHz Intel® Pentium® 4 Processor
(or comparable)

The LifeWare stuff was running Vista for heavens sake and NO WHERE was Microsoft's presence felt in that Innovention house at all.

Here they had cool stuff on the Vista platform for heavens sake and truly we thought it was some Linux embedded OS or something with a GUI that looked like Media Center

Come on Microsoft... put Vista powered stickers on the computers or something!

HP screens in Disney's Home of the Future

Large screen TV - Disneyland's Home of the Future

HP's Home Server at Disney

Microsoft's Touch at the Disney Home of the future

http://www.microsoft.com/presspass/features/2008/jun08/06-16Innoventions.mspx

http://www.disneylandnews.com/article_display.cfm?article_id=306

What was interesting to me was how much it was a showcase of HP, and how little it was a showcase of Microsoft.  No where did it indicate that it was "Microsoft surface" or that the small box in the cabinet underneath the printer was the HP Home Server. 

http://www.microsoft.com/presspass/events/mshome/gallery.mspx  I was surprised at how much HP was seen but Microsoft was no where to be seen.. at all.  And you only knew that there was a Home Server in there because the press kit said it was there and I was specifically looking for it. 

http://www.disneylandevent.com/tsm/dreamhome.html

Granted one has to balance the marketing/sponsorship with the Disneyland venue, but I think Microsoft that has touted the Home of the Future on their press pass page, is missing out on an opportunity here to gain a bit of good vibes/ buzz.

Come on guys... advertise just a little?

http://www.infoworld.com/article/08/07/18/30FE-sf-network-lockout_1.html

Interesting read on the SF network situation.  In the separation of duties requirement, you ensure that people take vacations and rotate duties. 

Something to think about ...the impact one person may have....

If you are in a firm with multiple techs, do you rotate them around so that other eyeballs are looking at what they've done and are doing?  Do you track their access?

Something to think about...

On the way to Disneyland we stopped by the Apple store to get an Ipod worked on and there in the store the Iphones were on display.  I had to chuckle a little bit when an Apple specialist was on a Apple workstation, safari browser, searching the Microsoft KB.. I think it was something about Outlook and MAPI.  Needless to say I'm sure a lot of Iphones are syncing with Outlook clients these days.....

(woo hooo!)

I am impressed with MINI's CRM and tracking system.  My MINI has moved from "on order" to Scheduled for Production.  It's getting ready to be built in England.

Down visiting friends and the latest word on the gaming front is that the Xbox Bungie gaming venues is that Microsoft messed up a communication announcement at the E3 conference by pulling rug out from under Bungie's game announcement.

http://www.joystiq.com/2008/07/17/microsoft-pulled-halo-announcement-for-a-stupid-reason/

http://www.joystiq.com/2008/07/15/bungie-e3-game-announcement-pulled-by-publisher/

Which goes to show you that miscommunication can occur in a lot of places and in a lot of Conference settings.

I was watching the Big Idea the other day on MSNBC and it showcased selling ideas.  How to be honest, how to gain immediate reputation with someone. 

http://www.cnbc.com/id/25396247 and http://www.cnbc.com/id/25415145/site/14081545/

7.      Establish yourself as a trusted advisor.

More sales happen when customers see you as a trusted advisor. You can rise to the top of your company or industry when you become an expert on your product or service, fully understand your target market and what they need, and become a reliable resource who offers value regardless of whether clients are ready to buy. As a trusted advisor, clients will seek you out and want to build relationships with you, relationships that result in referrals and repeat business.

and

Unlike the poker champion, the most crafty and secretive salesperson loses big. In the heyday of the typical tactics, keeping secrets and telling little white lies to make a sale may have worked. Not anymore. There's been a big shift in the market — one from secrecy to radical transparency. A shift in which customers want — and require — full disclosure and total honesty.

The customer - driven demand for honesty and full disclosure is another compelling and profi table reason to adopt the contrarian approach. Grounded in a concern for what ’ s best for the customer, even if that means being honest about the limitations of your products or services, the contrarian approach allows you to be radically transparent and open with potential prospects and clients. When you choose to be transparent, customers know it and tell their peers and friends that you're the person to call when it's time to do business.

In this time of SAAS, there's a lot of vendors running around making statements, blowing the communication big time.  And then there are just as many vendors taking advantage of the paranoia regarding Dell and Microsoft to position themselves accordingly.  Be aware of the impact of cloud technologies, but do your due diligience.   It's in these vendors best interests to make you scared.

Make sure the vendors you are looking at are being honest about their service, their uptime, and their ability to provide you the service level you need.  Get it in writing.

Like many things in life early information is often wrong.  If you got word from anywhere that to counter the issues with the DNS patch that you should delete the MaxUserPort value, that information was wrong.

"Some are suggesting removing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort registry entry as a fix.  Is this also recommended?"

Don't do that.  The answer it to leave that in.  SBS needs that due to the fact we have Exchange/ISA/on the box, the right answer is to add the excluded ports

http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx

Do NOT remove that.  (If you have ISA the value is 65,535)

 The reserved port section on my box looked like this:

That's on a standard box, ISA will have more on a Premium

To that section add the following items:

1645-1646
1701-1701
1812-1813
2883-2883
4500-4500

So that it looks like this:

Click OK.

http://www.networkworld.com/news/2008/071608-court-dismisses-case-challenging-warrantless.html?page=1

"By dismissing the suit on procedural grounds, the court left unanswered the question of whether the Fourth Amendment requires the U.S. government to obtain warrants based on reasonable cause before it can compel e-mail service providers to secretly turn over a person's e-mail records. " What does that mean for emails stored in the cloud? Can the government access them without a warrant?

You know in all this cloud talk, one thing that really is still fuzzy is the legality of cloud protection and if warrants and searches can pierce that.

Think about the impact on cloud computing.

(Paranoid thoughts thanks to Ben Yarbrough of Calyptix Security http://www.calyptix.com/ who will be at SMBnation.com this year.. check them out!)