THE OFFICIAL BLOG OF THE SBS "DIVA"

Microsoft has received your order, and it is being processed.

Ordered From: Windows Small Business Server 2003 SP1
Order Number: 01112007580056
Order Date: May 23, 2005
 

Order Status: Shipped 

Sure enough... I have three cdroms in my possession 
that are the official Premium SP1
TRUST ME ... you WANT to order the cdroms.  
They are SOOOO much better than the manual download. 
None of this update.exe or manual extraction stuff.
Not to mention the Smallbizserver.net page says 
exactly what to expect.

The Gulf Coast SMB Partners Group will hold its second meeting on the
23rd of June at 7 PM at Univ of West Fla Bldg 71 Rm 133 with Jeff
Middleton (SBSMigration.com) presenting Swing Migration and bringing a
great door prize. You are cordially invited to attend. Details and
registration at  http://www.clicktoattend.com/?id=103062   and
registration at Link is required. Please register early so we can get an
idea of attendance and seating is limited so insure your seat now!
Driving Directions link is on Registration site.

hmmm....wonder if the extension cord for the laptop will reach that far on the beach. 

Ya think?

Fellow SBS MVPer Frank McCallister is the leader of this group and brings a ton of varied and wide variety of experiences to the table.  Just reading about the stuff he's done it the past is amazing.  Grab a beach chair, a bit of suntan lotion and say Hi to both Jeff and Frank for me, will ya?

Yeah Sean, I know... too many pictures....

Okay I'm bummed.  You see I have the opportunity to go to Redmond as part of my last official act as Chairman of the Technology Committee of Caliornia Society of CPAs and I just might have the opportunity to get the book “Protect Your Windows Network:  From Perimeter to Data” signed by the authors.... except for one teensy weensy problem.  Even though Amazon says it's released [heck they even say they have used versions of a new book for sale], the book looks like it's not going to make it in time for me to have it for an autograph. 

Rats.

Oh well, remember if you can't be at TechEd to hear them in person, you can listen to them via a live webcast:

Steve Riley on Security policies, and Dr. Jesper Johansson on the Security Configuration Wizard.

Okay who wants to place a bet that someone is going to ask him during the presentation if you can run the SCW on SBS?

Remember that while it truly won't 'kill' us, it really doesn't do much [other than if you hit the settings to kill off Windows 98 machines, then you truly will indeed have an security impact], so don't use this tool to harden the SBS box.  It's pretty well tweaked for now.

When something is broken, it's wise to fix 'that' before doing a work around.  I had two examples come across my desktop today.  The first was a poster on the PatchManagement.org listserve who was having issues with Mapped drives being messed up after a security patch and the way he was fixing it was to reboot the server....at first weekly...now more like daily.

....that's not exactly the greatest fix for a issue with a patch in my book, I'd be calling Microsoft Product Support Services [remember issues with a security patch are a free call] and properly diagnosing that issue with some netmon tracing and what not.

The second was a blog poster who asked me to blog about the manual way to set up the ntbackup because if he used the wizard the server would spontaneously reboot in the middle of the night.  If they ran it by hand, it wouldn't.

Uh... that's not exactly a topic that I plan to blog about and I'll tell you why.... the wizard...and all wizards on a SBS box ...should world.  Remember Yoda?  Do or do not, there is no try?  Well the same holds true with the wizards.  They work.  If they don't work, fix the fact that they aren't working...but they should be working.

Applying a service pack on top of a broken connect to internet wizard isn't going to fix the broken wizard.  It might reregister a dll or two, but if there is some foundational setup part wrong, applying a service pack over something that is broken isn't going to help too much.

If something doesn't work...google the exact error or call Microsoft Product Support Services [it's called CSS these days...but I'll probably always call it PSS].  Get it resolved 'before' the service pack install...not afterwards.

Once upon a time in a galaxy far far.... oh wait...sorry ...wrong story...

Once upon a time on my SBS 2000 box I used to have a Undelete product that would help me keep files that people stupidly deleted.  Well one day one of my drives dropped out on my server array and due to that undelete product ... I ended up with a bit of a mess on my hands afterwards.  Needless to say, and especially with SBS 2003, I haven't installed it back on the 2003 platform because it's not needed anymore with the Volume Shadow Copy. 

Handy Andy put up a tip on how to better utilize Shadow Copies that came from the O'Reilly book Window Server Hacks.  I like the book series but honestly, wish they would change the titles...the “hack” part just doesn't have the same meaning it once used to.  The old definition meant to do something really cool, the new one, well it doesn't mean what it used to anymore.

Check it out and enjoy!

Got a potential customer who is on the 'edge' of buying SBS?

This just might shove him or her over......

Microsoft Canada is happy to host the first SBS webcast directed at
end-customers. Les Connor will be presenting the SBS benefits valued by
most customers. From Owner to Owner. I urge you all to invite those
customers who are currently considering their first server purchase.

Increase Your Productivity with Windows Small Business Server 2003
Webcast - June 14, 2005 or June 16, 2005
<http://www.microsoft.ca/increaseproductivitywebcast>

Learn the real facts about Small Business Server 2003 as shared from one
small business owner to another.
Register Now: www.microsoft.ca/increaseproductivitywebcast
<http://www.microsoft.ca/increaseproductivitywebcast>

One of the very confusing things about this service pack is when you go to download it and you blondely click the download button it blondely only downloads the last patch of the series and does not direct you to install the five parts.  And of course if you don't read..which of course none of us geeks do, when you go to install this ... it says you need Windows 2003 sp1 first.

No wonder everyone is getting confused about this....

Order the cdroms...trust me.. you life will be a lot easier.  Then follow the how to on the Smallbizserver.net site.

Found a blog that said that Exchange was too complicated and while I would argue that setting up Exchange with a MX mail record just might be a little ...well... sometimes frustrating depending on your ISP...the wizard of SBS to set up email...it's not that bad.  Not like Tim makes it sound.

The dirty little secret of the SBS world is that while many of the consultants turn their noses at using POP...it's the most comfortable transition from a firm who's used to peer to peer and based on my unofficial view, probably used way more than we think.  Yeah, yeah you still have the 15 minute issue, but do you honestly truly need Spam that much faster?

I just think we need to recognize that Pop is probably used a heck of a lot more than we'd like to admit around here.

Just remember run the Connect to Internet Wizard.

Someone in the newsgroup asked about that 'thingy' in the corner that is now in the system tray after the application of the Service pack.  Well for one, if you are just NOW noticing it because you never had it before...you kinda missed a critical patch along the way as this is caused by an update that came down on Windows Update ages ago.  KB 829358 is the one that brings down that \\ thingy.  But not to worry you can either just get used to it down there or delete it off.

I guess I'm a lazy bone because I've just ignored it. It's only a cosmetic issue and you easily remove it from the start tray...but Windows did that one to us a long time ago... so if you've never had that before now... you might want to remember that second Tuesday of the month is Patch Tuesday and put in place a Patch Management process to ensure that you are getting patches on that Second Tuesday of each month.

Struck up a conversation in the plane back from Texas as a matter of fact with the lady who sat next to me who was in charge of application updates for her firm and she didn't know that second Tuesday was patch Tuesday.  Guess I should warn people when they sit next to me on airplanes that you might get geek speak for the plane ride.

If there's one thing we newsgroupers don't do sometimes is properly communicate.  One of the misunderstandings around the SBS 2003 sp1 install is that we in the newsgroup went out and said “oh you don't need Windows 2003 sp1” and then now we are saying you do as step one of the SBS 2003 install.  Also the next expectation that was set was that a service pack for SBS would just as easy as adding water and stirring. 

So let's take the miscommunication... first off what we should have said was that “Don't install the Windows 2003 sp1 service pack 'just yet'.  I knew we needed it as part of our SBS installation and just said “don't install it“ but we should have been clearer that we meant that you didn't need to do it just yet.

As far as applying service packs, I've been patching SBS servers since SBS 4.0 days and because we have a lot of components, the service pack part is always done in a modular setup.  For those that haven't worked with the SBS platform before, I'd strongly recommend that you order the cdrom media as the fabulous M&M's have put together an exact how to with the cdrom install.  The cdrom install in my opinion is way easier.

I've said this before, I'll say it again, I don't like service packs in SBSland.  Give me a security patch, give me a non regression tested hotfix, but security patches have always been icky in SBSland.  I still remember how I found the newsgroups in the first place, I was running SBS 4.0 and doing either the patch to 4.0a or 4.5 and discovered the newsgroups around that time that let me know that there was a window you had to close to find the box you had to click to  say “Yes continue” or something like that.  So I guess I”m a bit jaded in that I think Service packs are just plain icky, period.

Once every year there is a SBS love fest called “SMBNation”.  Hosted by Harry Brelsford, it is THE SBS var/vap event that gets folks from around the world together.

This weekend I popped over to Texas and sort of had my own mini SMBnation event with some folks here [The Mac guru Eriq Neale being one of the folks that I met up with and had 'geek dinner' with].  I warned Eriq that our mini geek out dinner was a preliminary event to SMBnation....it's where you can speak SBS geekdom for several days and no one rolls their eyes..no one thinks you are insane because they are just as insane as you are.

Rooms are filling up fast.... and if you haven't booked... you'd better.

Dana Epp and I will be presenting on “How compliant is your SBS” which will basically be trying to blast through as best as we call all the confusion about security, HIPAA, and any other industry that your clients may have to deal with and is concerned about security of their SBS box.  Even if you are not in a regulated industry, it will be a 'let's look at SBS from a risk level and make smarter decisions about our boxes' discussion.  So many times we just do security tweaks and stuff and don't even understand why we do what we do.

SMBNation.... if you are a SBSer... you should be there.  I will.

At the Dallas Fort Worth Airport getting ready to fly back home after a quick trip to Texas and while there is Tmobile hotspot available hear... finding a power plug in is near impossible.  What is up with these airports that think we are just going to watch CNN while waiting for the plane rather than blogging and reading emails?  I mean really.....

Remind me that I need to buy a spare battery for my tablet pc so I can have juice to entertain myself in the airport and then juice to entertain myself in the plane.  My Acer Tablet is a perfect size for traveling but the lack of airport plug ins usually means if you see someone sitting cross-legged on the floor next to a plugin in an airport... introduce yourself.... it just might be me.

What's that?  It's the localised versions of SBS that are now available!  Remember SBS supports ... I think it was 17 languages and as they are done, that drop down on the download page will start offering more languages.

Remember that Asia, Australia and Latin America, you need to call for the Premium cdroms, all others you can put in the Product key code and order online.

Flew into Dallas/Las Colinas Texas for a quick trip and right across the freeway exit from where my Hotel is... is a Frys Electronics store.

It's a sign.  If you don't hear from me, it will be because I'm passed out from breathing in the 'new electronic smell' from the entryway.

Stay tuned... more later.

The impression that some are getting is that the only patch they need is the last download called SBS 2003 sp1.  That's an incorrect view.

You remember back in school geometry classes when you had sets and subsets?  Okay SBS 2003 sp1 is a glob of patches which are Windows 2003 sp1, Sharepoint sp1, Exchange 2003 sp1, XP sp2 client updates, and then some specific SBS patches that includes the MSDE updates.  For premium you also get another disk that has SQL Server 2000 sp4 and ISA Server 2004.  But all of those together make up the Service pack that SBS needs.

So when we went screaming to the newsgroup “don't install Windows 2003 sp1” what we really should have been screaming is “Don't install it just yet”  We had to have you wait because Windows 2003 SP1 all by itself would break a few things here and there and the full SBS patch bundle fixes everything back up.

You have to lay that down as a foundation 'BEFORE' you do the rest of the patches.  So for those of you reading in the Dell information that Windows 2003 sp1 isn't supported on SBS 2003, Dell too should be saying “we support it IF you apply the rest of the SBS patch bundle”.

Get it now?  Just like we are made up of parts, so too is our patch.  We have normal server under the hood and need the normal server patch FIRST before we get the rest of the parts.

Now if you already patched for Sharepoint, you can skip that....and Exchange...skip that...but I'd install the XP sp2 client folder update.

Any questions?  I see that the cdroms are starting to get delivered... fun for the Memorial Day weekend!

Then you'll need a patch for that main server to fix and issue where Outlook 2003 running on Windows Server 2003 sp1 [a terminal server box] cannot connect back through that SBS 2003 SP1 box running ISA 2004 and pick up new messages.

RPC data may be blocked, and Outlook may not start in Windows Server 2003 with SP1:
http://support.microsoft.com/default.aspx?scid=kb;en-us;897716

You can find the download you'll need for the ISA 2004 server on the SBS 2003 box here:  Apply it on the main SBS box, but it's purpose is to fix the issue with the member Terminal Server box.

ISA 2004 Enterprise edition patch:

Outlook 2003 running on Windows Server 2003 Service Pack 1 cannot connect to an Exchange 2003 server through ISA Server 2004 Enterprise Edition. Earlier versions of Outlook may also be affected. 

ISA 2004 Standard edition patch: 

Outlook 2003 running on Windows Server 2003 Service Pack 1 cannot connect to an Exchange 2003 server through ISA Server 2004 Standard Edition. Earlier versions of Outlook may also be affected.

ISA 2000 edition patch

Outlook 2003 running on Windows Server 2003 Service Pack 1 cannot connect to an Exchange 2003 server through ISA Server 2000. This problem may also affect earlier versions of Outlook.

There are times when us SBSers are like cockroaches...we are just EVERYWHERE.  So I'm listening to geek webcasts  which are way more useful than talk radio anyway and someone in the audience chides Steve Riley [and SBS for that matter] for default loading the client desktop into local administrator.  Wizard, wizard, click click and there you are as local admin.  And while... I guess you can beat up SBS for that... I'll show you my stupid line of business applications that force me into local administrator whether I like it or not.  I would argue at this time, the average small business is not ready for running without administrator rights without a lot of guidance from a savvy IT consultant.  

In the meantime, as consultants, as consumers of software, we need to seriously start yelling our heads off each time an application we use won't run with restricted user rights. 

I do need to correct Mr. Riley for one point he made, the default is INDEED to have SBS 2003 'enable' the XP sp2 firewall on the local machines and this helps our machines join with the ISA 2004 server in a 'fortress' inside the network as well as the outside firewall. 

Now many have asked ...”why do I need a firewall on the inside of the firm when I already have __fill_in_the_blank___ firewall on the outside?  I'm protected just fine from the bad stuff out there.

Ah..but that's the problem.  The bad stuff isn't just out there anymore..it's in here.  In the wintertime, when you know you will go out into subzero degree temperature [not that I know what that is living in California as I do, but I can imagine], I don't think you just put on a parka and nothing else.  No it's the silk longjohns and then it's the leggings, and then the parka, and then the hat, and the scarf and even feet and hand warmers if need be.  It's layers to protect you.

Okay so let's move over to that workstation in your office.  Without the firewall helping it to protect itself, it's just sitting there all ooooshy and gooshy just waiting to talk to anyone and everyone wanting to to talk to it.  Our networks have been built up like eggshells, with hard outer protection and nothing on the inside at all.  And we can't do it that way anymore.  It's not working.  And I can stand here and tell you that I have the firewalls on the inside of my network and I do not notice any annoyance at all.

Try it with the layers left on.  Add your own program exceptions.  But try it.  You might find like I do, it's no bother at all. 

Now that SBS 2003 sp1 is out, you can also get the Mac Outlook client called Entourage by calling 1-800-360-7561 in the US/Canada [5 a.m. to 7 p.m. pst] and ask for part number Q56-00005.  I just checked with that number and that's all you need to get a copy of Entourage for your SBS 2003 clients.  As a [three year] SA customer I got the media for this AGES ago [see why SA is a good thing] and thus haven't needed to worry about tracking this down.  For those overseas, I'd track down your supplemental part phone number and again, use that SKU number.

A question from the blog comments that I want to bring up front... If you have SBS 2003 premium edition, you will GET ISA 2004 merely by ordering the service pack on CDrom and choosing the “Premium” drop down.  You don't need to “buy” it, just need to pay for shipping and handling.

I would not install the rest of the service pack without ISA for the very important reason that once you install Windows 2003 sp1 you will need a patch for ISA 2000 to fix Outlook over http...this is not an issue in ISA 2004, but is with ISA 2000.

So for Premium folks... order the cdrom.

Savez-vous quand SBS 2003 sp1 sera disponible en France? ...which if Google Translation did it right...means “Do you know when SBS 2003 sp will be available in France?”

If you notice on the SBS 2003 order page there are two ways to order... group number one is doing it the 'geek' way with drop down order forms.  At this time only German and English versions of SBS 2003 sp1 are available but more are on their way and should be out soon.  I'm not sure exactly when, but normally the software is 'localised', ensured it is as secure as it's other languages and then gets shipped.

So for all of those waiting for Spanish, French, etc... be just a bit more patient.  It's in the works.  And that's why you only see English and German options now, and why certain countries aren't listed.

For those in Asia, Latin America, Caribbean and Australia, you need to call.

I expect that as the three year SA customer [as opposed to the two year version] that I'll probably get my SBS 2003 sp1 media automagically, but I've gone ahead and ordered a copy just in case. 

Again, for Premium customers, you must order the cdroms to get ISA 2004.

P.S. Fixed the spelling of localised and all languages are as secure as each other...except maybe the Klingon version of SBS might be a tad more secure than the others.