THE OFFICIAL BLOG OF THE SBS DIVA

When putting a Vista on the network make sure you adjust the SP2 RSS/TOE stuff on the server

A Windows Server 2003-based computer responds slowly to RDP connections or to SMB connections that are made from a Windows Vista-based computer:
http://support.microsoft.com/?kbid=946056

And on the Vista machine do these commands:

netsh interface tcp set global autotuning=disabled
netsh interface tcp set global chimney=disabled
netsh interface tcp set global rss=disabled

And like Charlie Russel (Windows 2008 Administrator 
Companion Book Author says... in the 2008 era..put them back :-)

When debugging why you can't connect via RDP to a Vista machine, make sure the button that allows you access is enabled like it should...

You cannot distribute or install a software package in Windows Server 2003 if the software package contains a very large signed file:
http://support.microsoft.com/kb/938759/en-us

You cannot distribute or install a software package in Windows Server 2003 if the software package contains a very large signed file. This problem typically occurs when the signed file is larger than 500 megabytes. For example, you may experience the following symptoms:

http://blogs.technet.com/mu/archive/2008/01/26/office-2003-sp3-update-just-over-30-days-and-it-starts-to-be-available-via-microsoft-update-automatic-distribution.aspx

Check out the Microsoft update blog in regards to the heads up for Office 2003 sp3 being on MU!

Remember we're critical because we have WINS running. 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: January 25, 2008
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment. 
Please see the appropriate bulletin for more details.

  * MS08-001 - Critical

Bulletin Information:
=====================

* MS08-001 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
 - Reason for Revision: This bulletin was revised to clarify the
    impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2
    Vulnerability (CVE-2007-0069) on supported editions of
    Windows Small Business Server 2003 and Windows Home Server.
    Also included is an explanation and clarification that
    current Microsoft detection and deployment tools already
    correctly offer the update to systems running Windows Small
    Business Server 2003 and Windows Home Server.  
 - Originally posted: January 8, 2008
 - Updated: January 25, 2008
 - Bulletin Severity Rating: Critical
 - Version: 3.0
        

Last night MS08-001 kicked SBS to "critical"
on this patch and the reason is we're running WINS on
our boxes (along with the kitchen sink software and all that)  

You may want to run netsh int ip show joins on your
systems that are NOT SBS to see if you are critical rather than important
and you are broadcasting multicast in your servers.
    
http://blogs.technet.com/swi/archive/2008/01/10/MS08_2D00_001-_2D00_-The-case-of-the-missing-Windows-Server-2003-attack-vector.aspx
Question 2: How can I tell whether my Windows Server
2003 machine is vulnerable?
  
Answer: If the server joins to any multicast group
other than 224.0.0.1, then it is vulnerable to
IGMPattack.
  
Using the following netshcommand will show the
multicast groups to which the machine is joined.
  
netsh int ip show joins
  
For example, if the WINS component is enabled in Win2k3
server, the output of the netsh commandabove would be:
  
Interface Addr   MulticastGroup
  
--------------- ---------------
  
10.1.1.1         224.0.0.1 
10.1.1.1         224.0.1.24
  
224.0.1.24 is IP multicast group for WINS. The
configuration above (if unpatched) is vulnerable to
the IGMP attack.
  
  http://blogs.technet.com/swi

On a SBS box (any version not just SP2) you will see your
internal IP and then the following:

 netsh int ip show joins

You'll most likely get UNLESS you are Steve Foster and
have your SBS box set up without WINS which is possible...

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

Interface Addr   Multicast Group
---------------  ---------------
192.168.16.2     224.0.0.1
192.168.16.2     224.0.0.2
192.168.16.2     224.0.1.24
192.168.16.2     239.255.255.254
192.168.1.4      224.0.0.1
192.168.1.4      224.0.0.2

SBS 2003 sp1, R2, SP2 even RTM we're all running WINS and 
thus now rated critical.  
With WINS typically not being externally exposed they will 
still have to wiggle in but it's important to understand WHY we're rated 
critical for this and why normal Windows 2003 server is not.

On the ActiveDir list, David Loder indicated that IBM Director Agent
software also is broadcasting this.  So even non SBS shops may
want to run that command to see if they are "critical" rather
than just important.

Of interest to note is when this security bulletin notification changed last night SBS 2003 went to having a critical security status specifically in this bulletin.  For me this just made me ask more question....

Only SP2?  What about R2?  What about Sp1?  What in SBS makes it critical and only Important on Win2k3?  What threat vector do we specifically have and is it there in Premium with ISA as well?

Stay tuned and I'll try to get those answers to better access why SBS is critical in this newly updated MS08-001 security bulletin. 

* MS08-001 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
- Reason for Revision: Bulletin updated to add Windows Small
   Business Server 2003 Service Pack 2 as an affected product.
   Also added an FAQ to clarify that current Microsoft detection
   and deployment tools already correctly offer the update to
   Windows Small Business Server 2003 Service Pack 2 customers.  - Originally posted: January 8, 2008
- Updated: January 23, 2008
- Bulletin Severity Rating: Critical
- Version: 2.0

http://www.newegg.com/Product/Product.asp?Item=N82E16820211249

Yes, it's a 2 gig flash drive.

Yes, sister has one.

So you are loading up a Vista and you hit an error in the connect to computer wizard that says "The following user settings are private"

"The following user settings are private" error message when you try to
migrate a user's profile to Windows Small Business Server 2003
http://support.microsoft.com/default.aspx/kb/886210
 
While that's the info for XP, we've found that in Vista that you have to look at the log file of where it's getting stuck.

%ProgramFiles%\Microsoft Windows Small Business Server\Clients\SBSNetSetup.log 

In one case the issue was "In my case it was some folders in the local user's temp folder - I just
deleted them and hey presto it worked. "

welcome to the funcave » 27,000 Pounds And What Do You Get?:
http://www.chrisrue.com/funcave/2008/01/27000-pounds-and-what-do-you-get.html

What does Sharepoint, a Mobile version of Sharepoint and ecycling have to do with one another?

Stay tuned and you'll see.  Chris has promised to blog about some really kewl stuff he's doing/did for the ecycling day.

When in Virtual PC or VMWare and restoring a StorageCraft image you have to think of where you are at.

First off.. you need to share out the location of where the image is at.  Then you boot the StorageCraft ISO into the virtual PC or VMware.  Choose option one that uses the vistaPE boot sequence.  Then, inside StorageCraft, you assign an IP address in the range of the IP address of the machine that holds the image.  In my case my box was at 192.168.000.002 and I gave the IP of the StorageCraft 192.168.000.050. 

Then I mapped a drive letter.  In my case as I'm restoring this on a machine that is a workgroup the syntax is \\Machinename\Sharedfolder and entered the username and password. 

So now I ensured that a partitioned out in the Virtual PC a larger space then my backup ..and I began the restore process.  The first thing it wanted me to do was to partition the drive I had set up and then it wanted to reboot the image.  But when it rebooted it just sat there with a blinking curser.. AH I forgot to go into the boot sequence of the VPC/VMware and make it boot from the cdrom (or in this case ISO) of the StorageCraft first.

Once it did that I started the restore wizard again....

But this is definitely something you want to practice and document the process.  When something blows up is not the time to be fumbling around trying to figure this stuff out.

But when it works... and you now have a virtualized copy of the exact desktop at the office (yes it's retail not OEM in case the licensing folks are reading) of XP that you can put under Vista just in case you need it, it's priceless.

Interesting thing in my inbox tonight.  It's a normal everyday Phishing scam... looks like this:

Since I keep an eye on the types of servers that folks are using for phishing attacks, I hover over the link to see what server it was really redirecting to.  Instead of some foreign web site, what caught my eye was that it was a http://mail.attorneyfirmname.com/clienthelp/signonscreen.htm.  Now for those of you that know your SBS boxes... clienthelp happens to be a screen inside a SBS network. 

Yeah..that one.  Signonscreen.htm however is a new one that doesn't belong there.  Sandi... of the Spyware Sucks fame who blogs at http://www.msmvps.com/blogs/spywaresucks investigated the page and found that the page inside the server redirects to another server that contains the "spoof" or phish page, so they are bouncing a phish through one server to another.

So for those of you who take care of SBS boxes.... be aware that there's a SBS box out there that both Sandi and I have pinged the contact person to attempt to make them aware of the fact that they have a problem with that server.  But the moral of this story is to watch your firewall traffic logs and close down the access on that server.  Port 80 is open, RWW isn't properly configured, and my guess is that someone was surfing at a workstation that brought the bad thing in that impacted and infected the server.

But it's interesting that they are bouncing through one server to another these days.

Those of us "Certifiably insane from Patching" that is.... 

Microsoft User Research is inviting select customers to participate in a user research study. 

We are looking to learn from companies who perform IT services for your own customers; such as backing up data, managing/installing patched and keeping AV software up-to-date. 

We would like to come to the office to talk to someone who performs IT service for clients and learn from them.  It is important for you to know that you do not need to prepare for this.  We want to learn from you, the experts, so that we can determine what needs to be improved in our software.  This also give you the chance to tell us what your needs are and meet with some members of our product team.We highly value your feedback and will be offering you free Microsoft software in appreciation of your time and participation.If this is something that you or others at your company would be interested in, please reply to itvisits@microsoft.com at your earliest convenience. 

We are scheduling site visits for February. 
Thank you
Vivien and Jenny
Vivien Lai and Jenny East
MAX UX Site Visits
Volt at Microsoft
Building 44/2095(425)

» Microsoft (finally) broadens Windows Vista virtualization rules | All about Microsoft | ZDNet.com:
http://blogs.zdnet.com/microsoft/?p=1122

Good, I'm not in violation of licensing anymore as I've been virtualizing Vista home premium for patch testing for a while now.

(I guess it's okay to admit that in public now?)

Mark has the comment that Nitix is a nice product that not every SMB needs SBS... and while there's a long blog post in my head that I haven't had the chance to flesh out about how there are parts of me that know that SBS is perfect for some firms, for others, especially now with Hosted Exchange, trying to keep this sucker patched and maintained is not easy.  I have these old Microsoft Partner Drive smart cds from when SBS 2003 first shipped and they talk about how easy it is to setup and deploy SBS...and for the most part ...it is.  But maintenance... I think that's an area that has room for lots of improvement. 

Before we we knee jerk recommend SBS because that's all we had and folks were not comfy with data in the cloud.  Now days, people are a lot more acceptable of their gmail accounts and many a SBS consultant likes their email in a pop account because they don't trust Exchange.

While Nitix now being IBM means that the alternatives to SBS went up a notch in the 'wow, a big vendor behind it' in my mind, there's still the "hit by a bus issue".  I can find folks who have Windows expertise.  Other platforms are harder to find consultants for.  Add to that the tools I have on the Windows platform and the total cost of ownership picture can't be overlooked.  But competition in an industry brings interest.  That's for sure.

Not Mark Crall, that's for sure.....

SBSC & MSP Buzz » Blog Archive » Response Point Status Monitor for SBS:
http://sbsc.techcareteam.com/archives/151

Download details: Microsoft Response Point Status Monitor:
http://www.microsoft.com/downloads/details.aspx?familyid=bb02a9ff-30a5-4c60-ba0a-10e2511a5e83&displaylang=en&tm#Overview

But so far the RP blog doesn't talk about it... 

Response Point Team Blog:
http://blogs.technet.com/rp/

But they do have this...

Response Point Team Blog : Looking for Response Point info?:
http://blogs.technet.com/rp/archive/2008/01/14/looking-for-response-point-info.aspx

Did you see this? 

By acquiring Net Integration, IBM gets Nitix, a Linux-based product that will compete with Microsoft's Small Business Server

IBM swallows up Net Integration <http://www.echannelline.com/usa/story.cfm?item=22846>
IBM says it's beefing up its SMB strategy and moving into Microsoft server software territory with the acquisition of Net Integration Technologies.
Full Story >>> <http://www.echannelline.com/usa/story.cfm?item=22846>

Mike Walsh's WSS and more - What comes after SBS 2003:
http://mikewalsh.bilsimser.com/PermaLink,guid,b7f071eb-0dc1-405b-8b85-7f268c09c212.aspx

Sorry to disappoint you Mike ... you'll be stuck with us SBSers for a while...

There's a couple of things you missed in that article (I'm assuming it's this one -- http://redmondmag.com/news/article.asp?EditorialsID=9226)  and for the benefit of others I'll do a heads up here.  First off the article Mike is referring to is about Essential Business Server which is not SBS.  EBS is not SBS.  While the initials may be similar the fact is they are not the same thing. 

What is EBS?  (and yes Mike, that is it's RTM name)  It's a three server solution for mid sized businesses..ones above SBSsized.
A good resource/overview of EBS can be found at Windows Essential Business Server - Wikipedia, the free encyclopedia:
http://en.wikipedia.org/wiki/Windows_Essential_Business_Server

What is SBS Next?  Charles' blog has a good overview:  Are you Ready for Windows Small Business Server Codename "Cougar"? - In The Know - Charles Van Heusen's Weblog:
http://ts2community.com/blogs/charlesv/archive/2008/01/11/are-you-ready-for-windows-small-business-server-codename-quot-cougar-quot.aspx

The difference between EBS and SBS next will be the size of the client base attached to the network.  SBSnext will be the typical small network, EBS will be a larger mid sized firm, like the article said about 250 and below.  SBS will still be 75 and below.

And sorry to tell you Mike, SBS Next still has Sharepoint,  you are still stuck with us. ;-)

Small Business IT Pro Blog:
http://sbscanada.wordpress.com/

I had to laugh at this.... 'Hopefully there’s SOMETHING out there that Susan and/or Vlad don’t know. But lets not count on THAT '

I've heard that folks that read my blog are now called "enablers". 

Hi, I'm Susan... and I blog....