THE OFFICIAL BLOG OF THE SBS "DIVA"

MSDN Blogs:
http://blogs.msdn.com/b/b8/archive/2012/05/21/enhancing-windows-8-for-multiple-monitors.aspx

Data collected through the Windows Feedback Program indicates that approximately 14% of desktop PCs and approximately 5% of laptop PCs have run with multiple monitors.

Steven honey, 100% of the users in this office have multiple monitors and if I hear that you are coding through telemetry one more time... I may scream.

That is currently one of the weak points of Windows 8 - the multiple monitor experience.  Glad to know that you you are listening to some feedback.

So here's one best practice that I for sure follow... I ignore the ability to do snapshots in anything other than my Test HyperV.  On my real production, snapshots are to be ignored.

http://www.techrepublic.com/blog/five-apps/five-tips-for-optimizing-hyper-v/726

Primarily in my mind for the fact that making a snapshot of a DC isn't wise as it could lead to tombstone issues where if you roll back you could be going back in your AD history unknowingly, and then secondly ...now granted by TestHyperV is an overgrown Frys desktop, but it nails that servers performance when it snaps an image.

So just plan on having a normal backup for your HyperV child and not taking snapshots.

Viorel  in the comments says..."So what about NUMA settings Susan? And Processor core allocation? There is a good opportunity to use Hyper-V Server 8 (2012) for better performance ( >4 core) and NUMA management.

For management purpose I suggest to use add-in (cheap) netcard - onboard cards are server grade and can be more usefull for VM. "

Keep in mind that my personal experience with virtualization... I am talking about one server with two, maybe three, maybe four virtual machines on it.  And I don't think that  NUMA settings really make a huge difference for this size of deployments.  If you guys have tests and benchmarks on small servers,  by all means post them, but most of the NUMA articles I see are server farm discussions and I've not see benchmarks and tests for small servers. 

http://technet.microsoft.com/en-us/magazine/hh750394.aspx

http://blogs.technet.com/b/winserverperformance/archive/2009/12/10/numa-node-balancing.aspx

I think the better idea is to have a good enough machine that you aren't having to squeeze out that last bit of performance. 

For a SBS standard, you give it all cores that are exposed in the virtual interface.  For any other computer, I have personally found that when I put in a small virtual workstation, it worked better with two cpus than one.  Again, think about what cpu you'd be physically buying for the workload.  In the servers that I have running HyperV, the CPU load honestly isn't pulling that much.

I wouldn't recommend HyperV Server 2012 on a client machine.  It's a beta.  Play with it, learn about it, but it's still a work in progress at this time.

http://www.vadapt.com/2011/05/performance-recommendations-for-virtualizing-anything-with-vmware-vsphere-4/

And I'm not a fan of overcommitting ram or resources.  Again, these servers that I'm talking about are typically in a single firm, not in a server farm.  I think if you go down the path of squeezing every last performance out of a server, I think that's asking for trouble in small businesses.  You want room for growth and expansion.

So bottom line I let the box handle the NUMA settings and don't mess with tweaking. 

http://blogs.technet.com/b/windowsserver/archive/2012/04/05/windows-server-8-beta-hyper-v-amp-scale-up-virtual-machines-part-1.aspx

http://www.techrepublic.com/blog/five-apps/five-tips-for-optimizing-hyper-v/726

http://workinghardinit.wordpress.com/2011/08/08/virtualization-with-hyper-v-the-numa-tax-is-not-just-about-dynamic-memory/

Granted you have to understand my HyperV mindset.  In my HyperV world, it's the SBS that is the head cheese and everyone else is secondary.  If you have a SQL server that you want to tweak because there's some app that is written poorly and needs some TLC, well you might want to play around with those settings.

Bottom line I can't give best practices here because I personally haven't done enough testing to know what a best practice for SBS would be.

This one I think you'll have to do some tests yourself.

So how much RAM do you need?

When you are using the full GUI of 2008 r2 as the parent, reserve 1 gig for the needs of the OS.  Then carve out the ram for the rest.  SBS, Exchange and SQL will not do dynamic memory.  I've got a small biz mentality that isn't so sold on "over committing" memory anyway.. I think it's asking for trouble.

SBS 2011 standard - I'd say 16 gigs or more is where you want to have your mind at.  SBS 2011 essentials however, you can set that RAM much less.

And remember whatever the inside child is assigned as ram, that's what the outside partner will have in use. 

And how much ram should you have in the parent?  Remember that win2k8 r2 standard has a max of 32gig.  If you use the free non gui HyperV server you can bump up the ram.

Make sure you've installed all bios updates on the parent.  Dig into the network card and especially if it's a broadcom, get those latest nic drivers.

http://social.technet.microsoft.com/wiki/contents/articles/365.hyper-v-gotchas.aspx

Because SBS doesn't support nic teaming I tend not to do it.  Sometimes keeping it simple means you keep it simple.

So now that you've built the parent, have it in your mind that you got so much ram for each child, you've got a network connection set up on two nics, one is the main nic I'll call the "admin" nic.  This is the one you'll RDP into and use for maintenance.  Now set up at least another one that will be the nic that you bind the children to. 

This took a bit of mind wrapping... as you end up with something I'm going to call the outside nic and an inside nic.

First off on the parent all you install is the HyperV role.  That's it.  Nothing else.  And in fact on the free HyperV server, that's all you are allowed to do.  Same with the 1+1 role you get when you get a copy of Win2k8 r2 server and are allowed to lay down a parent HyperV.  You start the server, go to Server manager and add the HyperV role.

Now you launch the HyperV manager.  On the right hand side you click on Virtual Network manager and you build a network connector.  I normally call this External so I know that this connects to the outside. 

(this is my test HyperV box at the office).  The box that is checked that says "allow management operating system to share this network adapter" is checked that way due to the HyperV wizard - http://blogs.msdn.com/b/taylorb/archive/2009/01/12/hyper-v-v2-guest-only-external-networks-add-roles-wizard-changes.aspx

When it does that ..and this is the part you have to get your head around... that one physical nic turns into two nics and the bindings on each indicates which one has the bindings inside the virtual machine.

See how one has the virtual bindings and one does not?

You need to set up a virtual nic and bind it to a live nic in order to have external internet connectivity

For every physical nic you can bind connections to it.  In a small firm ..and especially in a test server you can actually have multiple machines share the same virtual nic.  In production you probably want to plan your nic bindings a bit more carefully and not so willy nilly.

Up next...we start to install the SBS Essentials.

Raid can be a bit of a religious argument.  Raid 5, Raid 10 ...what's your passion?  In my case I like Raid 10 because someone told me I should get Raid 10 for the type of data I have - SBS.  http://www.cyberciti.biz/tips/raid5-vs-raid-10-safety-performance.html   Others have actually done testing, me I just believe.

Now I don't set up the configuration so that the vhd's match the partitioning in the HyperV parent but some do. 

But the main thing is when you have a hyperV parent and are planning multiple virtual machines... you are putting your eggs in one basket in terms of hardware.  So select well so that it will keep chugging even if it drops a drive and what not.

Distribution and recipients list 100 email address limitation | Forums | Groups | Go Daddy Support:
http://support.godaddy.com/groups/community/forum/topic/distribution-and-recipients-list-100-email-address-limitation/?pc_split_value=1

In the native (not Exchange) hosted email of Godaddy you can only set up a Distribution list that contains a maximum of 100 members.

Wow..who knew.

I'm going to blog that answer over a series of blog posts.

Step one, get a nice server.  If you are going to do hyperV you want one that does raid.  I like a box that you can walk up to it, yank a drive out and the server keeps on chugging. 

I prefer HP myself. 

Next I haven't seen a server of that quality that didn't have a quad nic card.  While I'm of the opinion that separating the management nic from the "working" nic is probably not as big of a thing if you are only running one or two machines in HyperV, you'll have a quad card there anyway.

However you set up the server for the raid, you'll end up partitions in the virtual machine that may or may not match the physical disks on the actual server.  And that's actually okay. 

Next up installing the operating system...

Congrats to Jeremy Anderson named https://www.microsoftcommunitycontributor.com/logon.aspx Microsoft Community Contributor for his work in the forums.

Way to go Jeremy.  He'll be in New Orleans with the Third Tier preday event as well!! http://www.sbsmigration.com/pages/406/

Jeremy Anderson :: Third Tier:
http://www.thirdtier.net/who/jeremy-anderson/

Cloud Computing Security Benefits Dispel Adoption Barrier for Small to Midsize Businesses:
http://www.microsoft.com/en-us/news/Press/2012/May12/05-14SMBSecuritySurveyPR.aspx

Now before you read the report... read the fine print of how many people they surveyed...and how people self selected themselves for this...

Note: With pure probability samples of 94 (U.S. cloud) and 93 (U.S. noncloud), one could say with a 95
percent probability that the overall results for U.S. cloud users and nonusers would have a sampling error
of +/- 10.1 and 10.2 percentage points, respectively. Besides sampling error, all sample studies and polls
may be subject to several additional sources of error that cannot be calculated, including, but not limited
to, coverage error, error associated with nonresponse, error associated with question wording and
response options, and post-study weighting and adjustments. It should be noted that the sample used in
this study is based on those who initially self-selected for participation, therefore no complete estimate of
sampling error can be calculated.

I'm getting increasingly concerned in regards to the level and quality of Microsoft support.  I have personally set up support cases for folks on this thread - http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2686509-repeatedly-fails-with-error-code/0deeacb6-115c-419d-ac37-03ff8927b79c  and have had folks email me saying that they contacted Microsoft.

The guy who contacted Microsoft directly at 1-800-microsoft was sent off to consumer support where the technician used logmein.  Since when does Microsoft support use logmein?  He wrote...

 I've seen your messages on the Microsoft Answers group regarding this update and the fact that many people, myself included, are having difficulties installing it.  I decided to contact Microsoft for assistance.  I spoke with a very patient gentleman who, to his credit, worked on the problem for nearly four hours.  He had me download a logmein client and was able to take control of my computer.  However, after several failed attempts he tried to convince me that this update was likely not compatible with my computer.  I asked him how he knew this and he gave me very generic answers about how certain updates are compatible depending on usage.  I kept asking him to elaborate and I think that his point was that certain updates are compatible with certain programs but I found his answers vague and extremely generic, not to mention unhelpful.  If it can be explained to me that this update is not necessary or applicable then I will accept this and won't worry about it.  I told him that I was not satisfied with the resolution of the call and that I wished to speak with another technician.  He said that someone would call me in an hour or two.  I know that others on the forum have had success in installing this update when doing some registry hacks.  I don't mind doing it but I'd like guidance while I do it.  I consider myself an intermediate user and I'm not afraid to try anything that might fix this.  Is there anything you can advise me when/if this person should call back as far as what I can suggest or how to direct the technician?

This patch is applicable to all Windows XP machines.   It is applicable to all Windows XP machines.
Next I set up several support cases and the "scope" email that was setup for two of the cases said this...

Issue Definition: Unable to install the specific update KB2686509Scope Agreement: We will work together to help you install the KB2686509 through the course of this case. Once we are able to install the update we will consider the ticket as resolved. AlsoYou receive this message if any registered keyboard layout files are not in the %Windir%\System32 folder. In this scenario, the computer is incompatible with the security updates. If that is the scenario then there is nothing much we can do because the hardware is not compatible with the update.

Nothing much we can do?  Excuse me?
Genius bar this isn't for sure....

From a comment in the blog:

For anyone that knows I still have an Acer Travelmate C110 you'll be pleased to know it can handle a SSD drive.

What it can't handle is Windows 8.  Barfs.  Completely.  So I think I've hit the wall with it on Windows 7.

But at least it's a little more speedy now.  Still is a nice size for travel.

It's the patch Tuesday weekend and we have a doosey.  I've seen on average about 18-24 patches PER workstation.  Several .nets per version of .net and several versions of .nets.  Which makes for a slow patching weekend.

The patch causing either no issues or lots of issues appears to be KB2686509 - which is ONLY on XP and Windows 2003.  It's a backporting of an keyboard protection that Vista and later already has.

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2686509

While I applaud Microsoft for backporting a protection that they already gave Vista and Windows 7, the fact that the deployment of it .... is .... for lack of a better description... totally sucky.... leaves a lot to be desired.  The patch installs and should it fine keyboard files that shouldn't be whereever they are, it fails with a cryptic error message.

In my personal case, I had disabled a scroll lock key and this alone caused the failure -- with no failedkeyboard.log file as there is supposed to be in the documentation.

In other cases, there is left behind a failedkeyboard.log file and you are told to dig into your computer and copy .dll files.

There appears to be a third failure as yet not documented well in the KB.  In this third one, any language keyboard files under the keyboard registry key causes the failure.  The failedkeyboard.log file doesn't point to dll files, but rather kbd files listed in the log file.

Bottom line, install the .net's separately (assuming you want to do them this weekend.  And be prepared to deal with this XP patch.

We're patching for this issue:  http://blog.coresecurity.com/2012/05/10/the-big-trick-behind-exploit-ms12-034/?utm_source=dlvr.it&utm_medium=twitter

How satisfied are you with the quality of SBS 2011 Standard?
How satisfied are you with the quality of SBS 2011 Essentials?

I'm just interested to see the feedback.  Unscientific survey and all that.

Figured out my patch failure.

I've Hit F12 For the Last Time - Jesper's Blog:
http://msinfluentials.com/blogs/jesper/archive/2007/05/04/i-ve-hit-f12-for-the-last-time.aspx

============

Bingo that was it.  I had forgotten that I had remapped the scroll key on this pc.

From a command prompt copy the following:

reg delete "hklm\system\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /f

Hit enter.

I did that, rebooted the pc, reinstalled the patch and it took this time and did not fail.

Update:  see also http://msmvps.com/blogs/bradley/archive/2012/05/14/i-wrote-a-vb-script-to-fix-two-problems-while-running-microsoft-security-update-kb2686509.aspx

Yes. The detection logic for the security update package identified as
KB2686509 performs an eligibility check of the system in order to verify
whether the system meets the requirements to activate the fix applied by
KB2676562, which addresses CVE-2012-0181. If the system meets the
requirements, both KB2686509 and KB2676562 will be successfully
installed on the system and the vulnerability described in CVE-2012-0181
will be addressed. Otherwise, KB2686509 will be re-offered until the
system does meet the requirements. Successful installation of both the
KB2686509 and KB2676562 update packages are necessary to be protected
against CVE-2012-0181 on Windows XP and Windows Server 2003 systems. If
your system does not meet the requirements to install the update, please
follow the guidance documented in Microsoft Knowledge Base Article
2686509 <http://support.microsoft.com/kb/2686509>.

MS12-034: Description of the security update for CVE-2012-0181 in Windows XP and Windows Server 2003: May 8, 2012:
http://support.microsoft.com/default.aspx?scid=kb;en-us;2686509

I have an XP at the office getting this offered up over and over again, and it doesn't have faultykeyboard.log file.

So I'm calling support tomorrow as noted to make sure that Microsoft is aware that folks are hitting this.

...and I'm not the only one - http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2686509-repeatedly-fails-with-error-code/0deeacb6-115c-419d-ac37-03ff8927b79c

Hang loose while we figure out what's up.

 UPDATE:  See http://msmvps.com/blogs/bradley/archive/2012/05/09/kb2686509-repeatedly-fails-with-error-code-0x8007f0f4-fixed.aspx for the resolution in my case.  If this does not work for you, call 1-800 Microsoft and set up a support case.  It will be a free call as it's a security patch case.

Whoohoo they finally are tracking the changes in the document!

Download: Migrating Windows SBS 2003 to Windows SBS 2011 Essentials - Microsoft Download Center - Download Details:
http://www.microsoft.com/en-us/download/details.aspx?id=3231

This version includes the following updates:

·         Corrects and clarifies the level of permission that is necessary to join a client computer to the Windows SBS 2011 Essentials domain.  (The installation process requires network administrator privileges for domain-joined client computers. Network administrator privileges are not required for computers that are not joined to the domain)

·         Clarifies the steps necessary to configure the CRL distribution list.

·         Updates the script that is used to bulk import users into the Windows SBS 2011 Essentials Dashboard. The revised script leverages the improved code that is included in the Windows SBS 2011 Essentials SDK.

Released: Update Rollup 7 for Exchange 2007 Service Pack 3 - Exchange Team Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/exchange/archive/2012/04/16/released-update-rollup-7-for-exchange-2007-service-pack-3.aspx
Support lifecycle statement: This is the final release under standard support for Exchange 2007, as the Exchange 2007 Mainstream Support has now ended. Extended Support for Exchange 2007 SP3 will end on 4/11/2017.

....I always use Exchange as the guideline for support for SBS.  That means SBS 2008 is supported until 4/11/2017 too.

Lots of stuff are left behind in log files.

Spotted this in the partner forum tonight:

If you are using Office 365 for Small Businesses, we need to trouble-shoot the issue at the client side. I’d like to check the desktop setup logs to see if the pc has been setup correctly. The Office 365 Desktop Setup log files can be found in the following locations:

1. On a computer that is running Windows 7 or Windows Vista, the log file can be found in one of the following locations:

1. C:\Users\<var><User_Name></var>\AppData\Local\Microsoft\Office365\DesktopSetup
2. %LOCALAPPDATA%\Microsoft\Office365\DesktopSetup

2. On a computer that is running Windows XP, the log file can be found in one of the following locations:

1. C:\Documents and Settings\<User_Name>\Local Settings\Application Data\Microsoft\Office365\DesktopSetup
2. %USERPROFILE%\Local Settings\Application Data\Microsoft\Office365\DesktopSetup

Microsoft’s Lady Licensing Details How System Center 2012 Licensing Makes Cloud Management Easier - Volume Licensing - Site Home - TechNet Blogs:
http://blogs.technet.com/b/volume-licensing/archive/2012/05/04/microsoft-s-lady-licensing-details-how-system-center-2012-licensing-makes-cloud-management-easier.aspx
Follow up from DFW IT PRO Meeting - Yuri Diogenes's Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/yuridiogenes/archive/2012/05/04/follow-up-from-dfw-it-pro-meeting.aspx

Lately I"ve been struggling with Microsoft's big push for Private cloud because I don't see that it's small business-able at all.  To me private cloud is a private, colo deployment of servers.  Like how this web site runs on a server in Dallas Texas and it's not a shared tenant site with anyone else. 

When Microsoft talks about private clouds, they are not talking something sold to small businesses.  Even the licensing of system center isn't small business friendly.

What small businesses are doing right now are sharing clouds, and hopefully with nice neighbors.