[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] July 2005 - Posts - THE OFFICIAL BLOG OF THE SBS DIVA

July 2005 - Posts

You are right.

Live with it [see note below for reasonable shut down times]

Microsoft Issues Fix for SBS 2003 Slow Shutdown:

The shutdown process takes longer than expected to finish on a Windows Small Business Server 2003-based computer:

Now what I don't quite understand is the file on my 'non patched' SBS 2003 sp1 box is the same version as in that KB article.  But I haven't gotten around to requesting the hotfix to see what's 'really' in it.


Update:  Upon further investigation..we ALREADY have this QFE fix in our SBS sp1 boxes... the KB article is misleading because it says “you need Service Pack 1 in place before applying this' ...what they mean is ... 'you need Exchange 2003 sp1 in place before applying this“.

Bottom line if your server is taking a minute or two to shut down... it's normal.

If your server is taking like longer than 10 minutes or so... that's not normal and should be investigated.



 

I've always said that I speak Californian...not English...but Californian.  And somehow I slid through my high school and college years not being forced to learn enough of a foreign language to be literate in anything other than Californian.  (No, the Taco Bell menu doesn't count as knowing Spanish...'Chalupa' is not a real word, and singing enough latin songs in Choir...well let's just say Latin has a small following in the spoken word department). 

So who knew our phones had more language skills than I do?  All this time I've been thinking that a person who types/sends emails from a Audiovox phone was...

  1. Insane
  2. Geek
  3. Thumb overachiever
  4. All of the above

What I didn't realize that there's this 'helper' language on the phone to jump start your responses.  The Tegic T9 language is a 'predictive text' language that will learn as you type.  There's even a T9 dictionary that in the margin gives some interesting tidbits that let you know that 22663 [translation: as a matter of fact] men are more likely than women to send a mobile instant message or text message at a busy meeting [30% versus 17%], but 3949 [translation: For what it's worth], women are more likely than men to send one when they are using crowded public transportation [41% versus 30%], and in bed [26% versus 14%].  .....hmmm.... okay I'm a geek but I don't take my cell phone to the bedroom..495946 [translation:  If you know what I mean]

So on more googling it appears that this is called “Textonyms” and T9 isn't the only language out there but a whole category of predictive languanges.  24868 [Translation: But in the Meantime] T9 is a subsidiary of AOL .... I mean ..... who knew that what I see as a form of leet speak was going to be turned into a standard for cell phone messaging.

Once again proving that one should 78369 or better yet 7836 [translations:  see below].

P.S.  I noticed in Cnet's reviews they say the Audiovox is “difficult to sync to a corporate email server”... well if you are as blonde as I was yes...otherwise... I disagree on that one. 


Translation:  78369 = Read the Documentation/Directions

Translation 7836 = Read the F....... well you know..  the manual

In SBS 2000, we had built into Exchange an internal instant messaging inside the office.  It was our internal lunch ordering system “Hey Susan, what do you want for lunch?”, it was our internal 'ping' system to tell someone was in the lobby.  It never went outside the office [we had MSN IM if we needed that] and it didn't connect to VoIP [heck we didn't have VoIP]. 

So along comes Exchange 2003 [and ergo SBS 2003] and the folks at Microsoft realize how cool internal messaging is and pull it out to be a separate product.  No sweat for me as I have Software assurance on SBS 2000 so I am able to catch Live Communication Server 2003 as a benefit and I then proceed to stick “it” on Software Assurance as well to ensure that it's kept up to date [I stick it on the three year SA plan so I get the media automagically].  Please note, this is one of the reasons that I love Software Assurance... so far the 'bet' I made on SA has handsomely paid off because I was able to keep my lunch menu system even after the upgrade to SBS 2003.

So .. I had to admit this.. but I have yet to upgrade my LCS 2003 [which I stuck on my member server since it's now a separate license and I could] to the LCS 2005 version.  So someone the other day was saying how cool Office communicator was as he could log in there and have it forward cell phone numbers and VoIP info and what not [and I'm like...what's Office Communicator?  Is that another new product or something?] and so as I'm putting away cdroms on Friday I realize that I have Office communicator as a part of the July media release I got for Live Communicator Server 2005.  You see it's the update to Windows Internal Messenger 5.1 that I use now as an internal IM client to my LCS 2003.

...okay ...but... I still argue that for my internal messaging needs.. you know... the one I use to arrange who's going to get the lunch for the day... we don't need anything to go 'outside' the firewall.  We don't need a VoIP hook in.  We don't need cell phone updates.  If I want anything that geeky...I'll use MSN IM's for external stuff.  I only want individuals to have a basic internal messaging system.  Nothing fancy.  And certainly not something that costs this much....$1,199 for the server and 5 cals?  Wow.  Definitely not SBSized anymore.  Good thing I caught LCS on software assurance when I did...I didn't pay that when I signed up. 

Hmm... I'm definitely a gal who likes to update as I strongly believe that being on the latest [aka Borg] keeps you secure, but I do wish that someone on the LCS dev team would come up with a 'lite' internal only version of LCS.  You know... something that is just enough for people in the firm to say “if you are going to Taco Bell, make that a Chalupa and Mountain Dew please?”

Microsoft names local business as specialist
Record-Journal - Meriden,CT,USA
... he took an exam to show his knowledge when it comes to programs such as Windows XP Professional, Microsoft Office 2003 and Windows Small Business Server 2003. ...

Microsoft Announces First Small Business Specialist in Atlanta
dBusinessNews Atlanta (press release) - Atlanta,GA,USA
... as the value to small business of several software solutions, including Windows ® XP Professional, Microsoft Office 2003 and Windows Small Business Server 2003 ...

As the first of the press releases come out ..even if you are not one of the first in your area.. Press Release it yourself!  Anytime you do something cool, make sure your clients know about it.  Send out a note!  Send a note to your local paper.  Get yourself more known in your community.

And if you are installing SBS servers, not only should you be a registered partner..but I'd argue strongly that you need to be a Small Business Specialist designation.  Okay so it's not perfect..the sales exam is very "dark side of marketing" and all that ...but nothing in it's early stages is perfect... I mean ...do we have to remind folks of the jokes about SBS 4.0?  We've come a long way since then.

So sign up...

Posted Sat, Jul 30 2005 12:34 by bradley | 1 comment(s)
Filed under:

I'm warning you...but this is just too good of a post not to view

Top 10 Rides if Microsoft owned Disneyland

And if the song isn't stuck in your head already...you can listen to it here

 

Posted Sat, Jul 30 2005 0:38 by bradley | with no comments
Filed under:

Dear Steve: 

I used to call you Mr. Ballmer, but we've swapped emails a rare time or two [yes he does email back] and I've used this blog venue a time or two as well so I think I can call you Steve now.  I just read where you announced in front of a bunch of beancounters that you'll be selling a “new” higher priced version of Windows and Office that will be high end desktop editions. 

We have plans in the Vista generation to introduce an Enterprise edition”

Oh please don't.  It's bad enough that we have to deal with convincing folks that Windows XP Home is ...well..for HOME and not for an office, it's bad enough that the Dell Small business sales catalogs feature XP Home, it's bad enough to wade through the versions of Office [and no ..the Student and Teacher edition should not be a valid version for a small business].  But when you say you'll have an “Enterprise version” that will have high end features...watch it, Sir.  You know us small businesses can [and many times do] have more of your new technology than older firms.  I'm 110% Borg now [the added 10% is due to the Smart Phone we just got].

Don't say “Enterprise” and only think Big Business.  Show me a large firm and I'll show you a lot of older stuff.  Show me a small firm and I'll show you a firm that's a lot more agile.

Be careful in your targeting of this product, Steve.  “Enterprise” is a state of mind, not the size of a firm.

The SKU codes for the Volume license media for SBS 2003 sp1 are:

SBS 2003 sp1 [slipstream media] T75-00605

Just the service pack is T75-00623

These can be ordered through the MS volume license fulfillment at 1-800-248-0655 [US/Canada - worldwide call your local fulfillment unless you are in Australia where I think they want you to go through a reseller] or through a reseller/distributor.

When you call MS volume licesning, have your agreement and authorization numbers handy off the eopen web site.  For those folks like me on the three year software assurance [where we get the software updates automagically] we can't go through MS volume license fulfillment, we have to go through our reseller/distributor.  Only the two year SA folks can go through the MS volume license fulfillment. [don't worry... whatever headache you are starting to get... Eric Ligman and the gang can sort you out on the Mssmallbiz community]

OEM folks.. well.. fortunately if you buy a Dell server now, you are getting SP1'd OEM media.

If you happen to be the proud owner of an Exchange 5.5 mail system...come a little closer...

Closer....

Closer...

IT'S TIME TO MIGRATE OFF!!!!

You heard me.  According to this there are 400,000 of you guys in the small to medium space and you need to MOVE off that old platform.  It served it's purpose but it's now time to send it to the server heaven in the sky.

I understand how hard it is to migrate. Trust me.  My Thanksgiving dinner this year was a frozen food meal because that's when I chose to migrate the servers at my office.  But “I” was migrating from 2000 to 2003.  If you are on 5.5.. you are sooooo overdue for upgrading it's not funny.  Exchange 5.5 was built in the 90's and just has served it's purpose.  Furthermore, I would argue... if you don't upgrade to Exchange 2003 you are soooooo missing out on the cool stuff in mail it's not funny.

Someone on a listserve said that Exchange was overkill for a 4 user firm.  No way.  I have two users at home...well three if you count the Dog...and we use Exchange.  Granted it's pop accounts and what not...but I just helped someone set up a SBS at home with dynamic IP and they are running full SMTP with a dynamic DNS account.  Javier has a post about migrating from POP to SMTP but the info is the same for setting up SMTP from the get-go.

Let me give you another piece of sage advice... not only can we move in an SBS 2003 server that has the same domain name as the old system [and thus not messin' with the desktops] using a method that many consultants use, we now have guidance to move a SBS 2003 into an existing domain, and ... as a result of Jeff's SBSmigration.com, he now has a building database of consultants that are SBS “Swing” Migration specialists that can help.

Now once you have SBS 2003 and thusly Exchange 2003, you then get all the cool stuff like the Phone that syncs with the server automagically.  Cant' do that with Exchange 5.5, can you?  Not to mention it has also all that cool stuff like Tarpit.  Dell servers right now are indeed selling with the slipstreamed SP1 so that is pre-enabled.

It's time.

They've served their purpose.

 

Piracy-check mandatory for Windows add-ons

 

If you Windows Update or Microsoft Update manually these days, you need to download the Genuine Advantage file 'before' getting updates. 

 

I checked and Shavlik [and I presume other patch programs don't need to either] have to have this on your boxes to get patches from Shavlik.  Good.  Mess with my patching tool and my way to keep my network secure and I'd be a bit concerned.

 

Description of the Windows Genuine Advantage program

http://support.microsoft.com/default.aspx?scid=kb;en-us;892130

 

From the FAQs

 

Q: Do all Windows users need to validate, or is validation limited to particular versions of Windows?

A: Validation is required for all genuine Windows downloads on Microsoft Download Center and the Windows Update service for users of Windows XP and Windows 2000 (client, not server). Security updates are accessible to all users via Automatic Updates. Genuine Windows downloads are available, without validation, to customers running Windows 98, Windows ME, Windows Server 2003, and Windows NT 4.0 with Service Pack 3. Genuine Windows downloads are not available for older versions of Windows (Windows 95, Windows NT 4.0 with Service Pack 2 and earlier), and non-Microsoft operating systems.  

 

Q: Do security updates require validation?

A: Security updates are not part of WGA. Security updates can be installed using the Windows XP Automatic Updates feature, or downloaded from the Download Center

And according to this.. it's already been 'cracked'.  Nice.  Bottom line folks.. buy legal software and the rest of us won't have to suffer through this kind of stuff, okay?

Posted Fri, Jul 29 2005 7:13 by bradley | with no comments
Filed under:
 

So the partner in my office went to make changes to his address book and then got out the usb cable to syncronize the phone.  But wait.. we don't need any cables.  The cool thing about the Audiovox 5660 phone [aka the SeanDaniel.com phone] is that once it's set up, it not only will automagically sync up, but with a mere rocker bar you can scroll to the sync button and manually sync it.

Just like Pinocchio, we don't need any cables anymore to make the sync connection.  And now that I know the steps, I told another in the office that it would be way much easier setting up the next one if they wanted to update their phones.  The partner said he was going to take it to a meeting on Monday and show it to the Attorney who was using a Blackberry.  He said that he was in a conference the other day and they needed to make a conference call and they just used the Attorney's cell phone speakerphone ability.  It was that good.  We both agreed that we really like the size of the Audiovox.  It was smaller than his old clunky Nokia and then way way smaller than the Blackberry.  Granted the advantage that the Blackberry has is a slightly larger keyboard for email...but I'm a gal who always says “pick your tool“.  If you need to email 'that' much ...take a tablet pc along with a wireless aircard.

This blog post mentions that in the UK they have an offer for a free trial to some executives.  Check it out.  Even they know the power of the “WOW” method of selling.  No marketing.. no glossy ads... just showing someone it works.

It's not that long ago that I had a brick of a cell phone and now the partner has Outlook and Internet in his pocket.  Keep in mind that I've only enabled OMA and haven't opened up any additional ports to my network.  Look how much more efficient I've just made someone in the office with an investment of about US$200.

I'd even strongly recommend that you consultants pick up this phone [or a Windows Mobile Smart Phone Device like it].  Remember the marketing method used to sell it to us?  It [or something like it] was seen in use.  When you use it in front of your clients... you will sell it...and if they don't have a SBS 2003 network ... well you just might sell one of those too.   

Just a heads up ...from the ever useful blogger SeanDaniel.com comes the answer to a question I've seen a few people ask about. 

How can I 'shadow' a session to show the person on the other side what I am doing when I take over their computer?

SeanDaniel.com blogs on how.

Check it out.

At the SMB technology network in Los Angeles I did a presentation on WSUS [Windows Software Update services] and I want to make sure everyone has a heads up about a new resource for WSUS:

The WSUS blog:

WSUS Product Team Blog:
http://blogs.technet.com/bobbie_harder_msft/

Don't forget the WUS listserve and the Patch Managment listserve as well...both signups located here.

 http://blogs.technet.com/wsus/

Forget that Bobbie_Harder blog......THIS is the REAL WSUS product team blog where we will be posting product information, tips and tricks, best practcies ,and other tidbits we find and hear not only from us, but from across the community! 

 

In order for PowerChute Business Edition to remain functional, users must 
upgrade to any version of 7.x. Due to expiration of the Sun Java Runtime 
Environment certificate, versions 6.x of PowerChute Business Edition will 
cease to operate normally as of July 27, 2005. Failure to upgrade will 
result in PowerChute Business Edition no longer providing monitoring and 
graceful shutdown of your system.




FYI

Just returned from a client that was having POP collector issues
yesterday - and client had decided to reboot the server in attempt to
clear it (Actual problem is the POP Mail hosting service is currently
down!).

The server would restart, get to logon screen, console logon made but
sits at "applying user settings" for WAY TO LONG.  Little appears to
work on workstations in relation to Internet access, etc.  Client
interrupted the server logon several times and forced reboots several
times (may be part of the issue's origin?)

Finally rebooted one last time last evening and left the logon process
going overnight - had the server console this AM - but no Internet
access.

Remote connection externally worked but strangely there was no option to
connect/logon to the server in the RWW screen.  Workstations were
available to connect to.

Go onsite.  TS service would not start.  RPC was started.  Found 2 APC
services sitting at "Starting" - killed those 2 services and Internet
connection began to work, TS service started on its own.

Thought it may be related to the APC software JAVA certificate timeout -
seen here.

PowerChute Business Edition - Customers Using 6.x Must Upgrade to 7.x
due to Java Runtime Environment expiration

SO I removed the APC software and rebooted.  Reboot AND logon only took
5 minutes now!  All Internet activity fine (except POP - of course).

Downloaded and installed new APC sw and all is fine.

Cal

Law #10: Technology is not a panacea

Technology can do some amazing things. Recent years have seen the development of ever-cheaper and more powerful hardware, software that harnesses the hardware to open new vistas for computer users, as well as advancements in cryptography and other sciences. It's tempting to believe that technology can deliver a risk-free world, if we just work hard enough. However, this is simply not realistic.

Perfect security requires a level of perfection that simply doesn't exist, and in fact isn't likely to ever exist. This is true for software as well as virtually all fields of human interest. Software development is an imperfect science, and all software has bugs. Some of them can be exploited to cause security breaches. That's just a fact of life. But even if software could be made perfect, it wouldn't solve the problem entirely. Most attacks involve, to one degree or another, some manipulation of human nature—this is usually referred to as social engineering. Raise the cost and difficulty of attacking security technology, and bad guys will respond by shifting their focus away from the technology and toward the human being at the console. It's vital that you understand your role in maintaining solid security, or you could become the chink in your own systems' armor.

The solution is to recognize two essential points. First, security consists of both technology and policy—that is, it's the combination of the technology and how it's used that ultimately determines how secure your systems are. Second, security is journey, not a destination—it isn't a problem that can be "solved" once and for all; it's a constant series of moves and countermoves between the good guys and the bad guys. The key is to ensure that you have good security awareness and exercise sound judgment. There are resources available to help you do this. The Microsoft Security website, for instance, has hundreds of white papers, best practices guides, checklists and tools, and we're developing more all the time. Combine great technology with sound judgment, and you'll have rock-solid security.


The last law of security is a perfect introduction to a new series of blog posts I'm going to be posting about my [notice the word MY] thoughts about the risks of SBS.  This is actually a lead up to two presentations that will be given at SMBnation [one by myself and Dana on how compliant is SBS, talking about checklists and comparing it to baselines and along the lines of his Security hardening presentation] and another presenter [and I'll put his name as soon as I can find it...I'm so blonde sometimes and searching isn't coming up with it] comparing SBS to 'the best practices'. 

While Dana will tell you that from a Security standpoint SBS sucks [bear with me... keep reading] as it breaks all the security laws in the book [all on the same location...no separation of services....and let's face it ... I have no doubt whatsoever that if someone from Blackhat wanted to specifically target a SBS box, they'd probably find a way in especially if you have Win98s in the mix or post it notes with the passwords stuck on the monitor], the reality is that the risks we take are very managable and very acceptable.  It's one of those things that you just have to say...what's your budget and where would you rather spend it on.  And honestly, I still feel that my budget and energy is better spent on the desktop [and now days other mobile devices] than the server.

Like take for example risks that I've historically faced that I consider to be one of my greatest in SBSland..that of physical security... we lost a desktop computer to a robbery and thanks to Dr. Jesper Johansson I didn't have a domain admin password on that system, and now take my recent risk where there is a user's password saved on an Audiovox phone.  In that case, that's an end user issue where if the device gets stolen, the first thing I'm doing is changing the password of his access.

As I'll talk about how SBS breaks all the rules, I'll also talk about why I think...especially for a small office, that in many cases those 'rules' of security are best broken [and I”ll explain why I think that too].  I still arguethat the best thing I can do is make my users aware, enable them to be paranoid, ensure they have the tools and knowledge they need to make the right decisions.

Stay tuned... for why breaking the rules is a good thing...

Posted Thu, Jul 28 2005 13:09 by bradley | with no comments
Filed under:

<with special thanks to the fabulous, beautiful, charming and brilliant Lanwench who graciously allowed me to steal this from something she wrote about her thoughts about SBS.  In this post she lists all the things about SBS that may [will?] drive Enterprise Admins to drink about SBS>

Some things that people will need to watch out for – especially after they do it the “old fashioned” way the first time and then realize that some features don’t work right:

 

  • When setting up workstations themselves, don’t name them what you want to end up with – you have to add the computer accounts using the wizard and then pick the name you wish for that PC during /connectcomputer
  • Don’t change OU names, or move computers out of the SBSComputers OU – if you don’t create the computer accounts with the wizard, or if you rename OUs or move a lot of things like group policy won’t work right, annoyingly!
  • Don’t move users out of the default OU either
  • I believe that the template account one uses when creating new users with the wizard doesn’t set up roaming profile paths (not sure) [Susan – no it doesn’t, this is another wizard]
  • During the SBS Setup, presuming one has configured one’s hardware RAID already & created the system partition, one can simply cancel out of the wizard when it’s time to select the paths for various things like the users’ home directories, data folders, profile folders, etc – can create the additional partitions/assign drive letters as needed, and then click the ResumeSetup shortcut on the desktop. The doc/wizard doesn’t make this obvious. Or, one can alt+tab to computer management/disk management & create the Exchange/data partitions then, and then go back to the setup wizard
  • User quotas are enabled by default (I think) – if one is like me, and hates these, turn it off manually [Susan – by default and yes I turn them off as well]
  • Circular logging is enabled by default in Exchange – if one chooses to use NTBackup instead of SBS Backup, this will not be changed, and must be deselected manually in ESM
  • (I don’t remember whether the mailbox quotas are set up by default on the store, or, if they are, whether the dangerous “third trigger” is set – I don’t like or use that one) [Susan  - on by default, I also turn them off]
  • The CEICW needs to be run as it is entirely possible to do everything it does manually, but it takes a lot of steps – in IIS, access to OWA and RWW, etc., will by default be set up to deny connections from anything other than localhost & the LAN IP range
  • The POP connector may sound like a great thing, but don’t use it – get your client to register a domain name & host his own mail. POP is for clients to talk to servers, not for servers to talk to servers…and you shouldn’t turn your server into a client anymore than you should turn your server into a router (the latter is the opinion of this writer and does not reflect the editorial stance of this station)

 

Note: SBS is a great bargain, but you have to do a tradeoff of sorts. You can get an SBS network functioning pretty well without using the wizards for some stuff, but not all of it (until MS decides to release a painfully detailed doc outlining *exactly* what, and where, the wizards do stuff). IT Pros may not like “black boxes” (I don’t!) but for the price point on SBS it’s worth it to most small businesses – so one has to cede a degree of granular control if one wants things to run properly. It is *always* good to know what is happening under the hood of any system – wizards should not be a substitute for knowledge, but just give up & run the wizards and it will work out all right. There is probably a therapy support group for enterprise-product admins who have gone through this. I’m looking for one.

Posted Wed, Jul 27 2005 19:19 by bradley | with no comments
Filed under:

<disclosure -- I think anyone on dial up is insane and a glutton for punishment...but..>

From the mailbag today comes the question if you can connect an SBS box to the Internet using a dial up modem.  All he has used is a high speed connection.

Remember .... dial up was the way we 'used' to set up SBS and it's only been recently that we use broadband.  It's really no different.. you can use an internal or external modem device...and just run the wizard.  Just don't pick broadband.

Now, sir..let me sit you down a moment.  I don't think you can properly protect a computer...let ALONE a business network on dial up these days.  Patch Tuesday comes along and all of a sudden, even with WSUS in the mix, that network will want to yank down patches.

These days the following gets updated pretty much automagically in my office....or with my intervention..but the point is I'm yanking down stuff all the time...

  • Antivirus
  • Antispyware
  • Security patches
  • New programs
  • Updates to programs
  • Buying software online
  • And every blasted phone home to some third party vendor to update program will be firing up that Internet connection.

Not to mention, once you get them on email..people think nothing of sending huge files.

So Nicolas... I had no problem understanding your question...yes you can quite easily use a dial up modem in the server to offer up Internet access, but if you can... plant the seed that they should be on Broadband.  I don't think you can protect your network without it. 

When I build a box.... a server or a workstation ...it's always 'behind' a router.  Just ..well...just because.  Building a system behind a firewall means that I can be a bit sloppy...that said you do realize that when the other day I talked about putting a system on the Internet after I 'built' it to Standard to make sure everything works and 'then' going onto premium that while behind a router at all times, I also was not exposing the system.

Remember I'm a two NIC gal.  So with a SBS box [unlike a normal Windows 2003 standard machine] we have even in the “Standard” configuation a RRAS firewall.  Nothing too fancy...but it works and protects us. Run the Connect to Internet Wizard and the RRAS firewall is there.  Ensure that everything is working [yes, including Sharepoint], a friend learned a hard lesson at my expense because he had RTM media [the original GOLD with the Sharepoint bug in it] and I stupidly thought that the mere application of the SBS 2003 sp1 right after the system was built would fix Sharepoint right up...I mean...after all it has that patch inside the Service pack..but obviously not.  The application of the SP service pack did not fix the broken Sharepoint.  He had to manually reinstall it with the original GOLD media, patch it, and then reappy SBS 2003 sp1 [the last patch] to get it to work.

I didn't realize that you couldn't go from a 'broken' Companyweb using RTM media to a “fixed” Companyweb using SBS 2003 sp1 media.  Lesson learned...unfortunately by him.

The rule of thumb we should remember...that I thought would work in this rare case...is that applying 'anything' over the top of 'something' not working generally doesn't help.  Oh sure there are hotfixes that are for a specific case, but in general, if something isn't working and you don't have a specific hotfix for it, don't assume that in general a service pack will make it go away.  Fix the underlying problem first... and then continue on your way.

P.S.  When building an SBS box... I never ever stop at installing the Windows part and attach it THEN to the Internet... I would ONLY stop after the installation of Windows to ensure the RAID array is set to go.  You finish the entire install of SBS and let the wizards do their thing and then and only then do you run the Connect to Internet Wizard to attach it to the Internet.  There's an article out there on an Exchange web site that recommends that you stop at the Windows part and get it to Windows Update and patch it and I strongly disagree.

Having completed this you will get the SBS Setup Wizard welcome screen. At his stage you should not proceed with the wizard. Instead you should configure the server to support the rest of the installation.

Before commencing with the installation it is of utmost importance that you install all available patches at http://windowsupdate.microsoft.com.

Totally and utterly and completely wrong.  Never stop at this point and go to Windows update to patch the SBS box.  You SHOULD ALWAYS PROCEED WITH THE INSTALLATION.  Ensure you fully complete the wizard and THEN run the connect to Internet wizard and complete the Internet connnection and patching. [Not to mention these days go to Microsoft update and not Windows Update]

Posted Wed, Jul 27 2005 18:00 by bradley | 2 comment(s)
Filed under:

Sometimes it's the stupid little things that trip you up and then get you frustrated so you don't check the things that are trying to tell you the problem.

Here it was...in my event logs for the last day trying to tell me ...Girl... hello.... the user login name isn't what you put in... it's supposed to be something else...and I wasn't looking for the clues.

So let's start over and showcase all the places I screwed up.

1.  The basics of the phone.  First off get that phone so it can surf the web.  Problem number one that I had was that I didn't realize that the phone was slightly screwed up and I wasn't getting Internet access.  No access, no Sync.  So step number one in that Mobility document beside setting up the server side [to get OMA to work] is to ensure your phone can even GET to the web.  If not... get that fixed first with the Cingular folks. [for the record turning the phone off and then back on did the trick ...duh]

While there is a guide here:  Accessing browser settings on the Audiovox SMT5600 (KB34899) and the best way to find that document is to put 34899 in this search box.  Better yet call Cingular's Data Technical Support team at 866-490-2666.  Get the phone correct, get the OMA working and test it [go to https://server/OMA put in the username and password and ensure it works.  Now step two...the Certs..

2.  The basics of the certificate in place. Now in a perfect world the SBSmobility config thingy would work and if you already have SBS 2003 sp1 in place you have Active Sync 3.8 ..but ...we don't live in a perfect world...so of course I had to manually install the certs on my phone.  There are two ways to get them off a system and get them on a phone.  In IE, Tools, Content, Certificates, see the two certs that ...one is for your domain name...the other is publishing.domainame?  Export them to a local place on the computer's C drive and the using the ActiveSync Explore ability to open up that smart phone, stick them in My documents.  Now go to the phone, in the file manager, to the my documents and click on them to install.  You can also export out certs using the MMC [start, run, MMC, Add a snap in for Certificates and export them out that way].  In fact even if the SBS mobility configuration does automagically work, it wouldn't hurt to browse and confirm that those certificates are installed....start..settings...more... certificates..root...more... scroll down and your two certs from your server should be there.

Okay got all those parts in place?  Cool.  Now comes the important step:

3.  The basics of the credentials for access.  ENSURE THAT THE USERNAME YOU PUT IN TO THE ACTIVESYNC SET UP IS THE RIGHT NAME AND IT'S CAPITALIZED PROPERLY.  For some insanely stupid reason I thought the login name for the user I was setting this up for was one thing..and instead.. it was another.  So here I am trying like crazy last night and it would not work.  Meanwhile back in my Security event logs... my system was patiently telling me that I was close...but had screwed up the username/password.  Yup I had even been getting Event 529's in the security log file.  I mean how much more blonde could I have been?  Hello?  There it was in my face telling me that I had messed up the most basic of the settings.  So while the phone was now off the cable, all I had to do was to enter the RIGHT user name [making sure I hit T9 for caps] and .....there we go.... technology working....

So voila we sync and at the end it asks me for the SMS phone number and just remember it's the phone number of the device@mobile.mycingular.net.

Now.. knowing that the password for the domain is on this device...NO WONDER in Exchange 2003 sp2 they will add the feature that you can remotely 'kill' the device to ensure that someone can't get unauthorized access.

The moral of this exercise?

Make sure you check the BASICS.  I did some very dumb things along the way because I assumed I had them in place.  I didn't.

But now we have a little more WOW in place at the office.

[and pssst... we just added the category of “Mobility” to the blog]

P.S.  You 'can' obviously do this with merely an IP address access to the server...just leave the domain name blank.  You can do this with a tzo.com account...and with a real account... you can even do all of this WITHOUT using SMTP email [yes even if you are a Pop connector person and have no MX records or open port 25...this all works automagically...well... if you are a bit more brunette anyway....]

The good news the Audiovox is now connecting to the Internet [uh...fixed that one with the Cingular guy having me turn the phone off and then on again]

hmmm .... I'm not doing something right....

While I have the active sync 3.8 on the workstation, and Chad walked me through manually installing the certificates on my device [the instructions aren't clear that you have to go to the 'my documents' on the device and click to install the certs there] So the certificates of my server and the publishing one are there...but it still will not connect.

Then when I try to use the automated config tool I get this in the log file:

7/2005 23:55: 4 -- Start Logging
SUCCESS: Located a  suitabile connected device.
INFORMATION: sbsmobcfg.exe launched in main config mode.
ERROR: Could not get server "Server" name from: C:\Program Files\Microsoft Windows Small Business Server\Clients\config.dat
ERROR: Could not get domain name "Domain" from: C:\Program Files\Microsoft Windows Small Business Server\Clients\config.dat
ERROR: Could not get config VPN status "VPN" from: C:\Program Files\Microsoft Windows Small Business Server\Clients\config.dat
ERROR: Could not get phone number "Number" from: C:\Program Files\Microsoft Windows Small Business Server\Clients\config.dat
ERROR: Could not create an ICertificate object.
SUCCESS: Server Sync feature configured.
SUCCESS: Successfully configured mobile device.
ERROR: Could not delete SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect -> SBSWirelessConfig value.

Hint there is no config file on the local machine but I followed the mobility document to shoot down activeSync 3.8 and it 'is' there.

But you can look at the device and the server setup appears to be there.  Now here's the insane thing I do at the office... my remote access isn't tied to a domain name [don't ask it's the way I like it] instead it's an IP address but the ISA cert matches that so I'm not sure if that is throwing it a curve.  I'll call Cellular tomorrow and give it another go.

Once I get this working... it looks like it will be really cool.. I'm just missing something stupid, I know....

You are standing in the bank and you recognize the exact make and model of the Dell small terminals they are using as teller workstations.

You stand in such a way to see the screensaver so you can see what OS they are running [Windows 2000]

And when the teller is unable to do a search and brings over another teller and says “This is giving me an error message saying I have an ODC error and it's not giving me any results

...... and you stand there as they are discussing the issue for a bit before piping up and asking “Is that an ODBC error?” 

Oh yes

“uh if it's an ODBC error that's indications of an underlying problem connecting to the database and you won't get any results back”

And now two bank tellers are a little more knowledgable about their computer systems and the standard errors that indicate ...just take the money of the person who drove to an ATM to get it and send her on her way and deal with it tomorrow.

Posted Tue, Jul 26 2005 18:18 by bradley | with no comments
Filed under:
More Posts Next page »