[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] THE OFFICIAL BLOG OF THE SBS DIVA

For those running default SBS 2003 R2/2008 and 2011 with WSUS - it auto approves security updates to servers and workstations.  If you have an 8.1 or R2 deployed in that network, KB2919355 will be automatically approved and probably automatically installed tonight.

Just be aware and watch your patch settings.

2919355 is deemed a critical security update and thus will automatically be installed if you have not changed the settings.

Posted Thu, Apr 17 2014 16:05 by bradley | with no comments
Filed under:

For those of you behind WSUS, Intune or System center the less than 30 days before KB2919355 has to be installed has been extended.


Folks who patch with WSUS/Intune or System center have until August to roll out KB2919355

The issue with WSUS has now been fixed.  You'll see on your manually or WU updates boxes that already have KB2919355 ANOTHER KB2919355 this time a much smaller update that fixes just the issue with the WSUS deployment


Posted Wed, Apr 16 2014 21:44 by bradley | 1 comment(s)
Filed under:

Tuesday! SMBKitchen ASP Chat | Third Tier:

Join us today at the SMBKitchen chat.  Remember that you can sign up and get a sneak peak of the documents we've released before April 30.

I'll be sending out a revision to the Heartbleed client facing communication to reflect some latest developments.  Hope to see you there this afternoon!

Posted Tue, Apr 15 2014 7:55 by bradley | with no comments
Filed under:

Only 29 days-ish to get KB2919355 installed.  And we're starting to see people getting their issues resolved (yea) and starting to see the support engineers move from the fishing expeditions to where they can start giving out canned responses to the problems. 

Still Microsoft is in it's offering up mode and not pushing out the door mode (you can tell this in the USA as the update is offered up but not yet checked). 

I'll be starting my roll out this week and I'll let you know how it goes.

One Surface/one 2012 r2 server.


Posted Mon, Apr 14 2014 22:11 by bradley | with no comments
Filed under:

Hectic week this week between the Windows 8.1 issues and the Heartbleed - which is not a virus btw.


Up on the ASP kitchen project I've placed client facing communication you can use to help guide them.  If you have any questions - like I have had - please feel free to ask and we'll help to get clarity.

Right now it's still in it's month free trial time.  So check it out, see if the information is helpful and join us.


Posted Thu, Apr 10 2014 23:24 by bradley | with no comments
Filed under:

KB2919355 issues being investigated/tracked:

Windows 8.1 Update prevents interaction with WSUS 3.2 over SSL - WSUS

Product Team Blog - Site Home - TechNet Blogs:


*Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update scanning against all supported WSUS configurations. Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update to WSUS servers.*

You may still obtain the Windows 8.1 Update from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing the Windows 8.1 Update for your organization. Thank you for your patience during this time

A note from Joe Raby about the impact of 8.1 update on 2012 R2 Essentials:

 You might want to post this note about updating "Windows Server Essentials 2012 R2 with Update":

Manual upgraders might want to update their Client Restore Service WinPE images on WDS (and USB sticks) so that they match the new baseline code version.  A folder must be deleted for it to recreate the WinPE images, and it's located at ProgramData\Microsoft\Windows Server\Data\ClientRestore\(big long version string)\(codepage language), eg:

C:\ProgramData\Microsoft\Windows Server\Data\ClientRestore\8.100.25984_8_100_25984_6.3.9600.16384\0409

After updating WSe to "Update 1", you need to get the new version of the ADK.  When you run the installer on the server, it just checks to see what's installed and only current components will be updated by default (nothing else is checked - I know you like that, Sue).  When the ADK is updated, just delete the codepage folder in it's entirety, delete the WinPE Boot images in WDS, and then go back into the Dashboard, to Home|Setup|Set up Client Restore Service, and click the Restart button.  It will use the new ADK to create new WinPE images and put them into WDS for you just like it always did, but now they'll have the new codebase revision (WinPE 5.1).

Note: MSDN does NOT have an updated ISO for "WSe 2012 R2 with Update" yet - only the single image for Standard & Datacenter.  The update package with the supplemental updates are available now.

Also note: I only mention this because I DID upgrade my server already....no don't start screaming yet.  My server only has tech stuff on it (OS's and Office installation files and such), so I want it to be bleeding edge (without being in beta) to cater to customers with all the new tech goodies from day one.  There is no "business data" on it in the conventional sense.  My "line-of-business software" is software deployment packages.

Posted Tue, Apr 8 2014 8:32 by bradley | with no comments
Filed under:

Windows 8.1 Update: The IT Pro Perspective:

I'm copying a comment that I agree with completely.  In the zeal of Paul Thurrott and Mary Jo Foley today on the TWIT web cast talking about BUILD no one talked about the risk of this update and the fact that this isn't an optional update, it's a mandatory one.  We HAVE to get this installed.

So far I'm seeing issues with moving folders (don't do that - expected honestly as I saw it with the 8 upgrade), issues with possible system corruption (run the DISM command if it gets stuck), and finally a concerning issue with 2012 R2 and Veeam backup software.

"The KB2919355 article states "All future security and nonsecurity updates for Windows 8.1 and Windows Server 2012 R2 require this update to be installed".  

What happened to Microsoft’s Lifecycle policy with providing customers with a 24 month timeframe before ending support of a superseded operating system RTM / Service Pack level ??

This update is effectively equivalent to a Service Pack, if not more so as it also contains functionality changes for both the operating system and browser.  According to the KB article it is a hefty 768mb in size.  

By immediately withdrawing all future security updates for Windows 8.1 RTM in the eyes of most enterprise customers you are effectively performing an immediate End-of-Life on Windows 8.1 RTM itself.

This places enterprise customers who are in the midst of a Win8.1 RTM rollout in a very precarious position given that they are now forced to introduce this very large update into their SOE in a very short timeframe.

There’s always a higher risk of introducing breakages with an update of this size as well, and by dropping patch support with little notice Microsoft is not leaving any time for enterprises to conduct a reasonable QA effort on ‘Update 1’ or deal with any subsequent issues/defects that arise.  So the enterprise customers are faced with a dilemma, either deploy this major update immediately with a reduced level of QA, or run the risk of being unpatched if a major security incident occurs.

I know that Microsoft wants its customer base to adopt updates to its Windows platform faster, but immediately dropping security patching on the Win 8.1 RTM release is just plain crazy."

Posted Fri, Apr 4 2014 22:46 by bradley | 4 comment(s)
Filed under:

Windows 8.1 update just announced at the BUILD conference today is on MSDN/TechNet now, on Windows update on April 8th.  In the read me file from MSDN is states

Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 Update

Recommended Install Order
1.  KB2919442
2.  KB2919355
3.  KB2932046
4.  KB2937592
5.  KB2938439
6.  KB2949621

A servicing stack update is available for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: March 2014:

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014:
*Included in 2919355 is this statement:*
/Important /*/All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require this update to be installed. We recommend that you install this update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order to receive continued future updates.

We have until May 13th to get this 700Meg plus file installed on Windows 8.1 otherwise you will not be offered up security updates in May.

If you are running 8.0 you will still get security and non security updates installed.

If you have access to TechNet or MSDN download and test it now.  Come next Tuesday it will be  needed update to your 2012 R2 servers and 8.1 workstations.

Windows 8.1 Update: The IT Pro Perspective:

Test now.

Posted Wed, Apr 2 2014 18:52 by bradley | 2 comment(s)
Filed under:

Yes it was a TPM chip and you have to also anchor it down to the computer with this little plastic screw.

After the 15th I'm going to put the TPM chip in the Microserver.

Posted Tue, Apr 1 2014 23:40 by bradley | with no comments
Filed under:

Okay...take a guess at what that is?

Posted Tue, Apr 1 2014 0:04 by bradley | 7 comment(s)
Filed under:

Windows 8.1 Update May Arrive April 8:

"The latest rumor surrounding Windows 8.1 Update 1 is that Microsoft plans to release the upgrade on April 8 to consumers, the same day Microsoft pulls the plug on Windows XP."


If that's true, here's my ask for anyone who manages or maintains Server 2012 R2 or Windows 8.1 machines:

This week make sure any Server 2012 R2 or Windows 8.1 machine has a good backup.  A GOOD backup.  For any consumer workstation this means MORE than just the file history.  I would recommend if they do not have a backup provided by an image based backup (Essentials server client backup, Storagecraft, or other image based backup) that they need either buy the consumer version of Acronis http://www.acronis.com/en-us/personal/pc-backup  or ensure that they backup using the full System image.
(see instructions here : http://winsupersite.com/windows-8/windows-81-tip-use-system-image-backup   )

An external usb harddrive is cheap and a full backup image is just good to have and will always let you be the hero.

Microsoft to Live Stream the Launch of Windows 8.1 Update:

Posted Mon, Mar 31 2014 0:23 by bradley | with no comments
Filed under:

Another thing you'll see when there is an 8.1 or a Server 2012 R2 in your network is this error:

EVENT # 3279
SOURCE Microsoft-Windows-DNS-Client
DATE / TIME   3/29/2014 10:43:44 PM

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

Adapter Name : {2228D0D8-DFEC-4673-B8E3-C8913948C8FD}
Host Name : TPDF
Primary Domain Suffix : domain.lan
DNS server list :
Sent update to server : <?>
IP Address(es) :

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

I have yet to figure out what exactly triggers this.. .but it's another "ignore this until I track down why it's doing this" error

Posted Sat, Mar 29 2014 22:58 by bradley | with no comments
Filed under:

Event ID 157 "Disk # has been surprise removed" - Ntdebugging Blog - Site Home - MSDN Blogs:

it's my removable usb external hard drive I'm using for backup.

EVENT # 2238
DATE / TIME   3/27/2014 9:03:40 PM
MESSAGE Disk 5 has been surprise removed.
BINARY DATA   0000: 00 00 00 00 02 00 30 00 00 00 00 00 9D 00 04 80
0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00  


On a recently deployed 2012 R2 system it looks like these warnings were generated during (or immediately after) a "Windows Server Backup". I noticed that the backups are stored in VHD's. Also, the disk numbers the error refers to (2 and 3) do not exist when I examine the Disk Manager. I assume this is normal behavior and can be ignored, correct???

[This message may be generated with a VHD is removed.  We are aware of customer feedback regarding this message and it's applicability for VHDs.]

I'm getting this just as the backup starts.  I think there's a bug that hasn't been squashed on.  Anyone else seeing this and what hardware are you running it on?

Posted Thu, Mar 27 2014 23:09 by bradley | 1 comment(s)
Filed under:

So before I get back to our SMBKitchen project, here's what I did to my Gen8 Microserver:

1.  Forget the intelligent provisioning.  The 1.5 version will not autoupdate to 1.6.  While 1.6 does support 2012 R2, it won't auto update to that version.

2.  I gave up on the autoprovisioning and just did an install from the operating system and the plain driver. In order to do that I went into the bios and disabled the smart raid adapter and put it back to normal SAS with ACHI setting.  A smart raid may be a good thing for the bigger servers, for this one the drive layout was never what I wanted.  I tried to set the four 2T drives as a Raid 1+0 and it wasn't giving me a large 4 logical place to then partition out, and when I did two 2T logical drives that also ended up in a weird config.  Bottom line I gave up and went back to the more Gen7 like experience where I let the operating system see merely DRIVES and then I did what I wanted up in the software.  This raid card may work in other servers, it wasn't doing what I wanted it to do/expected it to do.

3.  I'm still looking for a good balance of encryption with management and remote rebooting.  I bought a TPM module to install and see if I will use bitlocker to encrypt the drive.  I'll report back once it's arrived and installed.

4.  The new HP boot up process... you can make yourself a Mountain Dew on the rocks and get a second with the time the bios boots up.  All of those folks that talk about fast ssd drives. honey you won't even know you have them as it takes forrrreeeeverrr to get past the bios boot screen.  I really wish someone would sit down Meg and tell her engineers to speed up that process because it's a bit painful and adds boot time.

Bottom line I still like the form factor and size of the Gen8, but I really wish they would go back and revisit the Gen8 bios software.  The current intelligent provisioning process wasted a day for me fitzing around with the server and it not doing what I wanted it to do.

I'll be blogging about the encryption I'll be doing It later on... in the meantime back to my proof of concept migration series.

Posted Wed, Mar 26 2014 22:28 by bradley | 2 comment(s)
Filed under:

AH HA we've found (courtesy of Oliver Sommer) a grid that lists what platforms are supported on what HP servers

Windows Server Certification and Support:

Posted Tue, Mar 25 2014 23:32 by bradley | with no comments
Filed under:

and if this is that intelligent of provisioning, why then do I have to go to Program files/HP/HPSSA/Bin and enable the ability for the storage controller configuration to show up in the HP management console?

Anyway make sure you click on that enable otherwise you open up the management console and go... uh...?

Posted Sat, Mar 22 2014 14:38 by bradley | with no comments
Filed under:

To get a 2012 R2 version of Windows on a Gen8 server you'll need to install the 1.6 intelligent provisioning software.  If you attempt to do so with the shipped 1.5 it will blue screen on you.

You can't even get the unit to download the 1.5 from inside the server intelligent provisioning update process.  It appears the only way this works is to manually download the iso and flash the system.


Downloading the iso now and I'll let you know how this goes.  It doesn't want to use the Win7iso burner tool.

(As an aside another way to do this is to do the plain Windows 2012 r2 and use the Server 2008 driver (not the 2008 r2 or 2012) and it works.

Now trying this tool:  https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?spf_p.tpst=swdMain&spf_p.prp_swdMain=wsrp-navigationalState=idx=%7cswItem=MTX_2aa85604194243afbdb1c29a34%7citemLocale=%7cmode=%7caction=driverDocument&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Using that tool worked. 

Once you get 1.6 on there, and make it find the usb that has the Windows OS

Once there it then picks up the Windows r2 operating system


But bottom line you'll need the 1.6, a usb flash drive or dvd, and a bit of patience as this is a less than great installation experience.

Posted Sat, Mar 22 2014 11:43 by bradley | 2 comment(s)
Filed under:


Next up I patched the 2012 R2 server and then downloaded Exchange 2013 sp1.

Note at this time it has a slight bug... which you need to fix with a KB script and it won't be fixed until the next update rollup.

No warning about patch required for Exchange 2013 SP1 | Tony Redmond's Exchange Unwashed Blog:

Then you need to download -

Download Microsoft Exchange Server 2013 Service Pack 1 (SP1) from Official Microsoft Download Center:

And you'll need

Third-party transport agents cannot be loaded correctly in Exchange Server 2013:

Download Unified Communications Managed API 4.0 Runtime from Official Microsoft Download Center:

Download Microsoft Office 2010 Filter Packs from Official Microsoft Download Center:

Download Service Pack 2 for Microsoft Office 2010 Filter Pack (KB2687447) 64-Bit Edition from Official Microsoft Download Center:


Posted Thu, Mar 20 2014 23:33 by bradley | with no comments
Filed under:

Planning and migrating a small organization from Exchange 2007 to 2013 (Part 8) :: Migration & Deployment :: Exchange 2013 Articles :: Articles & Tutorials :: MSExchange.org:

Now we're back to where we are installing our base.  This time instead of Windows 2012 I'm going to use Windows 2012 R2.

Obviously this is NOT optimal but just a proof of concept.

in the meantime read this  http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx and understand we can get away with only two SSL certs.


Posted Wed, Mar 19 2014 23:22 by bradley | with no comments
Filed under:
More Posts Next page »